How green are you?

Aug.  27  is  Power  IT  Down  Day,  an 
awareness-raising  event  sponsored 
by  Citrix,  HP,  Intel  and  Microsoft 
to  encourage  employees  to  hit 
their  power  strips  as  they  head 
out  the  door  for  the  evening. 

“The  objective  for  the  day  is 
to  raise  awareness  of  what 
individual  consumers  of  IT  can 
do  to  impact  green  IT  initiatives, 
whether  in  government  or  private  industry,” 
says  Tom  Simmons,  area  vice  president  for 
Citrix  Federal. 


Risk and Reward: Managed security services all the rage in tough economic times. By Andreas Antonopoulos

News Analysis: DNS ‘blacklist’ unveiled.

Tech Update: ‘Soft’ WAN optimization tools.

Gear Head: The Twitter Sentimeter, Part Drei. By Mark Gibbs

Cool Tools: The new car stereo system. By Keith Shaw

BackSpin: On excellence and best practices. By Mark Gibbs

Layer 8: Can electronic health records really be secure? By Michael Cooney


Hackers  jump  on  Microsoft  flaw 

The “critical” WINS vulnerability that Microsoft
issued a patch for in early August is now
being  exploited  actively  in  the  wild,  according 
to  the  SANS  Institute.  The  Internet  Storm 
Center,  which  is  operated  by  SANS, 
is  receiving  preliminary  reports  that  hackers 
are  targeting  Microsoft's  WINS  service  on 
Windows  NT,  2000  and  2003  servers,  and 
that  the  attacks  originated  in  China.  WINS  is 
a  central  mapping  of  host  names  to  network 
addresses  and  lets  users  find  computers  on 
a  network. 
Following trail of 130 million stolen credit/debit cards

A  28-year-old  Miami  man  has  been  indicted 
for  the  largest  credit  and  debit  card  theft  ever 
prosecuted  in  the  United  States,  with  data 
from  more  than  130  million  credit  and  debit 
cards  stolen,  the  U.S.  Department  of  Justice 
said. Albert Gonzales, also known as segvec,
soupnazi and j4guar17, was charged, along
with two unnamed co-conspirators, with
using SQL injection attacks to steal credit
and debit card information. Among the corporate
victims named in the two-count indictment
are Heartland Payment Systems, a New
Jersey  card  payment  processor;  7-Eleven, 
the  Texas-based  convenience  store  chain; 
and  Hannaford  Brothers,  a  Maine-based 
supermarket  chain. 
UC ROI doesn’t always pan out

BY  TIM  GREENE 


Does  unified  communications  have  an  ROI? 

Unified  communications  offers  a  list  of  ways  it  can  potentially 
save  money  or  boost  profitability,  but  some  features  are  hard 
to  quantify.  Here  are  some  of  the  touted  money  savers: 


Video conferencing: Can eliminate significant amounts of corporate travel.

Decentralized contact centers: Call agents can be dispersed geographically and even work from home, eliminating the need for acquiring and maintaining brick-and-mortar space.

Reducing hold times for callers: Fewer callers will give up on completing transactions.

Presence: Finding the appropriate expert available to answer questions taps human resources more effectively.

Increased productivity: Reduces times to do task, opening up time for more work or to reduce staff.

Return on investment is a big but
unfulfilled promise of unified
communications.

The well-established potential for
cost avoidances and lower operational
budgets with UC doesn’t necessarily pan out in
practice, says Henry Dewing, an analyst with
Forrester Research. “They’re not deriving the
benefits they expected,” he says.

His research finds that about half the respondents
have no plans to deploy UC this year, about
half don’t have the budget and about half don’t
see the business value.

“When you talk to end users, they want a
12-month return and a triple digit ROI,” Dewing
says, and that is not achievable in many cases.

Establishing ROI is difficult for some businesses
because IT directors who propose use of
UC don’t calculate a baseline cost of certain business
functions before UC that they can compare
to the costs after an implementation, he says.

For  example,  Collette  Vacations,  a  Pawtucket, 
R.I.,  business  that  sells  travel  packages,  got  into 
UC  for  the  functionality  and  not  the  savings  so 
the  company  hasn’t  been  tracking  it  religiously, 
says  Bill  Dziura,  executive  vice  president  of  IT 
for  the  firm. 

Collette uses an Avaya-based UC system integrated
with Microsoft’s Office Communications
Server. The system was installed at the end of
2007 as part of an upgrade from a 20-year-old
Executone TDM phone system that included a
rudimentary call center.

The new system gives mobile workers access
to the VoIP network via softphones in their laptops,
access to presence information of other
employees, voice mail that’s accessible from
their Exchange e-mail, and SharePoint collaboration
and content management.

All users have extension dialing, full presence
via OCS, and conferencing that is used for
training with features such as instant messaging
so participants can communicate offline while
someone else is speaking. Initially, the system
was gathering less voice mail, but he attributes
that to more callers opting to send e-mails or
IMs to agents.

“The sales team has one phone number now,”
he says. Callers enter the agent’s extension and
if he’s not there, it goes to his cell phone, house
phone or is forwarded to a sales assistant. “We
couldn’t do that before,” he says.

Some of the UC features must save money
— he just doesn’t know how much. Agents can
be deployed in different time zones so someone
is available no matter when customers call, he
says. Making some calls over Internet connections
saves phone costs.

The  sales  team  is  managed  more  effectively 
and  with  less  travel  via  conferencing,  he  says. 

“The  UC  stuff?”  Dziura  says.  “It’s  tough  to  put 
a  dollar  amount  on  that.  How  much  do  you  save 
by  getting  a  person  right  away  when  you  call?” 

Other businesses have an easier time tracking
certain benefits because UC is eliminating
third-party services for which they have billing
records.

That is the case with Advocate Health Care,
which has been using Alcatel-Lucent UC products
since 2005, including its Omni PCS 4400
IP PBX, MyTeamwork conferencing and collaboration
platform, and My Instant Communicator
software that blends all forms of messaging
so it can be accessed from multiple devices.

Advocate, based in Oak Brook, Ill., has saved
money by eliminating Webex and other conferencing
and using My Teamwork audio and
video conferencing and My Instant Communicator
instead, says Gary Horn, the director of
enterprise architecture and network security
for Advocate.

“There  is  a  good  cost  savings.  I  believe  the  first 
year  (2007)  it  was  only  $20,000.  We’re  in  the 
hundreds  of  thousands  of  dollars  now,”  he  says. 


The  savings  is  a  measure  of  cost  avoidance  and 
increased  productivity. 

Having UC software on desktops makes it
simple for users to start up conferences, which
means they use them more, he says. “We’ve seen
a very steady uptake in the product’s utilization,”
he says, and the plan is to extend it to all desktops,
jumping from 3,500 today to 13,000.

The group has plans to integrate presence
information from the corporate calendaring
system into the UC system, so a person’s presence
can be known ahead of time. They are
considering embedding click-to-talk in the electronic
medical records software to start a patient
consultation among doctors, he says. And they
are also thinking about putting UC software on
smartphones so medical staff on rounds can
collaborate.

Horn says he has no way to estimate in dollars
how future features might generate cost savings
or improved productivity.

For some CFOs, that is a problem, Dewing
says. “That increased productivity thing
doesn’t sell today,” he says because many businesses
are looking for proof of a payback on their
investments.

In  some  cases  UC  is  being  implemented 
relatively  inexpensively  to  see  how  it  will  be 
used  with  no  expectations  that  it  will  cut  costs, 
improve  productivity  or  avoid  expenditures. 



6  AUGUST  17  -  24, 2009  www.networkworld.com 


The cloud’s time has come

Re: Is cloud computing real? Ask DISA (http://tinyurl.com/mlqjrx):

Just because early visionaries were ahead
of their time does not mean cloud computing
will not happen. Many governments and telcos
around the world are taking a hard look at a
variety of cloud computing models which follow,
to varying degrees, the three characteristics
cited in the prior blog.

A slightly different twist pursued by many
of these entities is that with “cloud computing”,
your entire computer is moved into the “cloud”.
Think about it. You are not accessing individual
applications via a browser (which means you
still have a computer on your desk), but with a
dumb terminal that is nothing more than a TV
screen, showing you the session in the cloud.
Even the browser is in the cloud.

It’s like mainframe computing, except that
you keep the usability of the individual PC and
can access it from anywhere on the public Internet.
With this model, security goes way up, TCO
goes way down, and user value/utility is much
higher.

Lorenzo  Mejia 
SIMtone  Corporation 

Finite  password  questions 
mean  limited  security 

Account password reset procedures a joke
(http://tinyurl.com/mrk2nl):

“Write  Your  Own  Question”  is  a  lot  more 
secure.  I  really  don’t  understand  why  more  sites 
don’t  offer  that  option. 

You  can  guess  my  favorite  color. 

You  can  find  out  which  school  I  went  to. 

You  can  find  my  birth  date  and  my  mother’s 
maiden  name. 

There’s no way you’ll be able to figure out questions
whose answers complete a phrase that
makes sense only to you, or is an in-joke, etc.

With  a  finite  list  of  questions,  and  a  finite  list  of 
possibilities,  the  account  “security”  is  worthless. 

With  an  infinite  list  of  possible  questions,  and 
an  infinite  variety  of  answers . . .  good  luck! 

Anon 


One  more  for  tech  blunder  list 

The 10 stupidest tech company blunders (http://tinyurl.com/lxqtw7):

Although the list you have assembled is quite
thorough, I was a little surprised that the $4 billion
ION blunder made by Sprint from 1997 to
2001 didn’t make the list. Especially in light of
the fact that the triple-play service delivery market
is currently so robust.

Sprint which had the first bundled three-service
offering to market that worked for $99
a month is nowhere to be found in the market
today and is now hanging its hat on a dalmatian-like
national wireless network map where it
owns none of the wireless infrastructure and is
frantically trying to sell a commodity that everyone
else is giving away (long-distance). Plenty of
executive bonuses to go around, however, just
don’t expect any stockholder dividends.

Zappa 

Cisco  has  hold  on  resellers 

Do HP, 3Com value claims trump Cisco? (http://tinyurl.com/nmljyt):

There are several aspects at play here with
the “Cisco Allure”, however it mostly has to do
with the reseller that end users align themselves
with.

It is quite typical for a company to see a particular
reseller as their “trusted adviser” and
do whatever they tell them. The reseller on the
other hand is totally beholden to Cisco. Should
they step away from the fold and try to sell
another vendor then they best be ready for the
consequence... i.e. the Wrath of Cisco. These
resellers have such a large Cisco install base
and yearly Cisco derived income/rebates there
is little chance of them rocking the boat at all. (In
other words, Cisco has everyone over a barrel.)

Most companies I speak to love the alternatives,
as let’s face it almost every switching vendor
has a comparative product, feature set, and
all are better when it comes to price. The trick is
having them get their reseller to support brand-x
or have them change reseller to an “Anything
But Cisco” shop.

Anon 
Airport safety

Ahura Scientific’s new technology
can distinguish between
safe and hazardous liquids,
helping airport security know
whether dangerous substances
are passing through
checkpoints.
Mr. Roboto

A  competition  in  Tokyo 
showed  off  the  latest  in  robot 
technology. 

http://tinyurl.com/nvukvc 


NWW  INTERVIEW 

iPhone, SMS bug

Security researchers Charlie
Miller and Collin Mulliner
talked with Network World
Editor Tim Greene about the
bug that would allow hackers
to send SMS messages to
iPhones and other mobile
phones to cripple them.
http://tinyurl.com/nrqsmv
New security reports show
threats  still  loom 


BLOGOSPHERE 

■ The worst Apple products of all time. Network
World blogger Yoni Heisler says thanks
to the wild popularity of the iPod and iPhone,
Apple has become celebrated for its sleek
devices that fly off the shelves. But deep in
the annals of Apple history are a number of
products that were abysmal commercial flops
— and some of them were design failures,
too. While some of Apple’s products bombed
because they were overpriced, others were
arguably ahead of their time, while still others
were simply ill-conceived products that were
horribly executed and poorly thought out.
With all eyes now focusing on the potential
release of an Apple tablet, it might be a
good time to take a look back at some of
Apple's product disasters. Here is a list of
Apple's worst products. Leading off the list
is Twentieth Anniversary Macintosh. In 1997,
Apple unveiled a special edition Macintosh to
commemorate the company’s 20th anniversary.
Originally introduced by then Apple
CEO Gil Amelio at the 2007 Macworld Expo,
TAM featured a slick all-in-one design that
measured only 2.5 inches deep, an LCD display
with side-mounted Bose speakers and a vertically
mounted CD-ROM drive. It was released
in March 2007 with a lot of fanfare. It didn’t
help that the machine’s specs were completely
underwhelming relative to its asking
price. In the 12 months following its release,
Apple kept lowering the price of TAM in an
effort to coax people to buy it. Aesthetically,
the machine was stunning, but its astonishingly
high price tag of $7,499 didn’t make it
sell well. And in another interesting piece of
trivia, the TAM's biggest claim to fame was
that one of them was on Jerry Seinfeld's desk
during the entire last season of Seinfeld.
http://tinyurl.com/nwprsc

■  Former  Cisco  star  joins  Arista  Networks. 

Network World blogger Brad Reese found in
Arista Networks President and CEO Jayshree
Ullal’s blog that former Cisco star Douglas
Gourlay will be Arista’s new vice president
of marketing. According to Arista, Gourlay
will be responsible for product and solutions
marketing, communications, and the strategic
alliances of Arista Networks (which builds
networking platforms enabling customers to
build network systems optimized for high-performance
computing, virtualization and
cloud deployments). It’s my opinion that as
Cisco’s former vice president of Data Center
Marketing, Gourlay now brings to Arista his
formidable skills in masterfully articulating
just how it is that a particular technology
can benefit large datacenter and computing
environments.
http://tinyurl.com/m8b2x8


Wide Area Networking: Security doesn’t get
any less complex. Not only are new threats
constantly emerging, but the same old threats
are still hanging around. For instance, the
widely publicized attack that brought Twitter
to its knees a couple of weeks ago was nothing
more than a simple, old-fashioned TCP/SYN
distributed denial-of-service attack. There
are a couple of reports, however, that we’ve
recently found to be quite helpful in addressing
both the current threats and some factors that
can help mitigate some of these threats. The
first of these reports is Cisco’s 2009 Midyear
Security Report. As stated in the introduction
to the report, “Attacks are becoming more
sophisticated and targeted as we move through
the global recession. Thanks to increased collaboration,
however, the rise of cybercrime may
taper off as new security policies make it more
difficult for attacks to infiltrate and spread, and
also help bring criminals to justice.” The report
highlights include: “Criminals are exploiting
traditional vulnerabilities because they believe
security experts and individual users are
paying little attention to these types of threats.”
“Compromising legitimate Web sites for the
purpose of propagating malware remains
a highly effective technique for criminals.”
http://tinyurl.com/nsojvm

Network/Systems Management: According
to a recent Forrester Research report “Market
Overview: Client Management Suites,” the PC
environment is transforming from a homogenous,
standardized system to include a variety
of operating systems, devices and virtual
machines. The change will cause vendors to
update their suites and force desktop operations
teams to take on more responsibility
in terms of vulnerability management and
disaster recovery, the Forrester report suggests.
“Desktop operations teams are now responsible
for the security and disaster recovery of
the devices (both physical and virtual) that
they manage,” the report reads. “This means
that IT organizations need client management
solutions that not only help them manage
and secure today’s more standardized PC
environment but will also be able to support the
desktop of tomorrow — one that is more virtual
and heterogeneous than ever before.” Today
vendors' client management suites typically
include a standard set of capabilities.
http://tinyurl.com/mosnwz


Department of Justice
approves Oracle-Sun deal

Oracle last week said the U.S. Department of Justice has approved its $7.4
billion acquisition of Sun, although the deal is subject to certain conditions
and still needs the blessing of European regulators. Oracle first
announced its bid in April and Sun shareholders approved the acquisition
on July 16. The combined company will give Oracle an array of
new assets, including a stake in the computer hardware market, the open source
MySQL database and stewardship of the Java programming language. But the
pending deal for Sun has attracted a particularly large amount of scrutiny, including
worries from open source advocates about the fate of technologies such as
MySQL and the Solaris operating system under Oracle, and antitrust reviews from
the Justice Department and European Commission. In June, the Justice Department
extended its review of the merger to address questions over the way Java is
licensed. Meanwhile, the European Commission has said it would issue an initial
opinion on the deal in September. http://tinyurl.com/nt5n3w


NetApp makes CEO switch. NetApp has a
new CEO after its board of directors appointed
Tom Georgens to replace Dan Warmenhoven,
who is stepping down after 15 years heading
up one of the industry’s largest data storage
companies. NetApp, like most major storage
vendors, is suffering from
declining revenue but the
CEO switch appears to be
amicable, with NetApp
calling it “the result of a
management succession
process.” Georgens, 49,
joined NetApp in October
2005 and was most
recently president and COO. He will retain his
title as president in addition to being promoted
to CEO. Warmenhoven is staying on as chairman
of NetApp’s board of directors and will
serve in the newly created position of executive
chairman. NetApp also announced that
revenue for the quarter ending July 31 came in
at $838 million, down 4% from the previous
year’s quarter. Net income was $52 million, an
improvement from last year’s total of $35 million.
http://tinyurl.com/mcxrk2

Red Hat, IBM, Novell contribute to exploding
Linux kernel development. Red Hat, IBM
and Novell remain the top contributors to the
Linux kernel, an open source project that has
grown by 2.7 million lines of code over the past
16 months, according to a report by the Linux
Foundation. Since 2008, there has been roughly
a 10% increase in the number of developers
contributing to each kernel release cycle, which
comes every two to three months. In addition,
the number of lines of code added to the kernel
each day has nearly tripled. The kernel now has
more than 11.5 million lines of code. Red Hat,
IBM and Novell account for just more than 24%
of all changes made to the kernel in the past 16
months. http://tinyurl.com/nsrrse

The  Web’s  100  dirtiest  sites.  Web  users  could 
be  putting  themselves  at  risk  by  surfing  to 
some  sites  that  contain  thousands  of  different 
security threats each, says Symantec. The security
vendor has compiled a list of this year’s
100  ‘Dirtiest  Websites’.  Just  by  visiting  these 
sites,  Web  users  could  see  their  PCs  infected 
with  viruses  or  even  have  their  sensitive 
personal  data  stolen  by  cyber  criminals,  even 
if  they  don’t  download  or  click  on  anything  in 
particular.  Symantec  said  the  average  number 
of  threats  per  malicious  site  is  23.  However,  all 
of  the  Web  sites  that  made  the  top  100  list  have 
on  average  18,000  per  site,  with  40%  having 
over  20,000  security  threats.  The  company 
also  said  that  three  quarters  of  the  sites  have 
been  distributing  malware  for  over  six  months. 
http://tinyurl.com/msbnq5 

ConSentry  Networks  goes  out  of  business. 

Network access control pioneer ConSentry
Networks closed its doors last week, according
to Mario Nemirovsky, the founder and chief
scientist for the company. ConSentry joins a
growing list of NAC vendors that have either
been bought, folded or changed direction since
the concept of the technology came on the scene
in 2003. Lockdown Networks and Cayman
Systems folded, and Mirage Networks was
bought earlier this year by security service provider
Trustwave. Vernier Networks changed
its name to Autonomic Networks. Nortel has
a NAC offering that is tied up in the company’s
bankruptcy proceedings. ConSentry started
out selling NAC gear, but it was embedded in
intelligent switches. Over time the company
altered its marketing pitch to highlight
other functionality, but it faced an uphill
battle against all the major switching vendors.
http://tinyurl.com/lpupex

Layoffs  top  list  of  IT  budget  reduction  plans. 

A majority of more than 1,000 enterprise IT
decision makers surveyed in North America
and Europe resorted to hiring freezes, staff
reductions, and pay and benefits decreases in
an effort to lessen IT budgets and spend, Forrester
Research reports. Enterprise IT executives
said that nearly 70% of their IT operating
budget goes toward ongoing operations and
maintenance, and in North America, 26% of
that budget is spent on salary and benefits for
full-time IT staffers (22% in Europe). “IT staff
salaries and benefits continue to be the largest
part of the IT operating budget,” the firm
reports. “Hiring freezes and layoffs top the list
of actions that firms expect to take this year as a
result of current economic conditions.”
http://tinyurl.com/lufa6y

Carly  Fiorina  prepares  to  launch  Senate  bid. 

Former HP CEO Carly Fiorina may be launching
a run for the U.S. Senate. Fiorina, a Republican,
“filed for a tax identification number
Tuesday and registered a campaign committee
named ‘Carly for California,’” allowing her to
raise money for a 2010 Senate run, according
to the Associated Press. Fiorina would
be attempting to win the seat of Sen. Barbara
Boxer, a Democrat who became senator in 1992.
“The people of California
have serious
concerns about job
creation, economic
growth and the role
of government in
solving problems
that touch each of our
lives,” Fiorina said in
a statement, though
she stopped short of
formally announcing
a Senate bid. Fiorina, 54, was the president and
CEO of HP from 1999 to 2005 and chairman of
the board for most of that time. Prior to that, she
spent nearly two decades at AT&T and Lucent
Technologies. http://tinyurl.com/qwdysf

Wanova emerges from stealth mode.

A desktop virtualization start-up called Wanova
emerged  from  stealth  mode  having  secured 
$13  million  in  funding  to  build  technology  for 
managing  and  protecting  mobile  and  remote 
desktops.  Wanova’s  Distributed  Desktop 
Virtualization  software  stores  a  primary  copy 
of  an  operating  system  image  in  the  data  center, 
while  storing  a  cached  copy  on  endpoints  to 
boost  performance  and  provide  offline  desktop 
use.  http://tinyurl.com/lztnh7 
NEWSLETTER: WIRELESS ALERT

What’s  to  become  of  Nortel  WLAN  users? 


BY  JOANIE  WEXLER 


An auction date for Nortel’s Enterprise Solutions Business — which
includes its wireless LANs — has been set for Sept. 11. After that point,
what’s to become of customers using Nortel-branded Wi-Fi equipment?

That  depends  in  part  on  which  auction  bidder 
wins  the  enterprise  goods,  which  represents  about 
a  quarter  of  bankrupt  Nortel’s  overall  business, 
the Dell’Oro Group says. Nortel has resold Trapeze
Networks 802.11a, b, g controllers and access
points  under  the  Nortel  brand  and  newer  Trapeze 
802.11n  products  under  the  Trapeze  brand. 

There don’t appear to be many Nortel WLAN
shops  out  there  that  need  to  worry:  Infonetics 
Research  places  Trapeze  10th  in  WLAN  market 
share  at  about  2%  of  the  market,  including  both 
Trapeze-  and  Nortel-branded  products. 


Depending on who ends up with the Nortel WLAN customers and conditions of
the signed deal, Trapeze may or may not wind up responsible for existing
accounts. Nortel says, and Trapeze confirms, that the two companies have
an investment protection clause in their OEM contract under which Trapeze
would take on the support and service of Nortel’s Trapeze installations
should Nortel become unable to do so.

But  Steve  Asche,  director  of  inside  sales  at 
Trapeze,  waffles  a  little  bit  about  what  this  binds 
Trapeze  to,  specifically. 

“If someone acquires Nortel and picks up responsibility for those
[Trapeze-manufactured] WLAN products, whether the investment protection
terms of the original deal port over [to the new owner] depend on the
agreement deal” Nortel signs with its buyer, he says. He adds that Nortel
customers have the option of “transitioning their support over to Trapeze
support.”


In  2006  when  Trapeze  announced  its  Smart 
Mobile  architecture,  aimed  at  striking  an  efficient 
mix  of  distributed  and  centralized  forwarding, 
Nortel  began  work  on  its  own  Wi-Fi  architecture 
design,  initially  targeted  to  ship  in  late  2008. 
Nortel  thought  a  better  approach  was  to  integrate 
WLAN  traffic  management  intelligence  with 
Nortel’s own wired Ethernet switches to preserve
existing virtual LAN configurations, unify
wired  and  wireless  network  management  and, 
in  effect,  eliminate  an  overlay  layer  for  wireless. 

A  Nortel  spokesman  says  that  that  product  is 
still officially live and scheduled to ship at year-end.
However, whether the new owner follows
through  with  the  new  integrated  Wi-Fi  product 
line  remains  to  be  seen. 

Wexler  is  an  independent  technology  writer  in 
Silicon Valley. She can be reached at joanie@jwexler.com.
U.S. broadband plan: too much like old times?


IF  I  SOUNDED  a  bit  positive  in  my  last  column 
about  the  state  of  part  of  the  U.S.  government 
bureaucracy,  I  will  make  up  for  that  this  week. 

Since  my  last  column,  the  Department  of  Commerce  capitulated  to  the 
big carriers, the FCC is actively ignoring consumers, the carriers are calling
the government’s bluff and the FCC is asking if it should think about
joining  this  century  when  it  comes  to  Internet  speeds. 

In  my  last  column  I  wondered  if  the  FCC  had  suddenly  become  activist. 
Maybe  it  has  in  one  area,  but  it  does  not  seem  like  there  has  been  any  kind  of 
a  transformation.  The  FCC  just  issued  a  request  for  opinion  as  to  “whether 
broadband  is  being  deployed  to  all  Americans  in  a  reasonable  and  timely 
fashion”  as  required  by  section  706  of  the  Telecommunications  Act  of 1996. 
The  request  notes  that  in  each  of  the  previous  five  Section  706  reports  to 
Congress  the  FCC  concluded  that  broadband  was  being  deployed  “in  a 
reasonable  and  timely  fashion.”  Very  few  other  than  some  carriers  and 
the  FCC  itself  agreed  with  that  assessment. 

The  new  request  notes  that  “these  conclusions,  however,  rested  on  data 
increasingly criticized as lacking sufficient detail to support robust
analyses.” I can’t disagree with that conclusion.

The  request  notes  that  Congress  got  fed  up  with  the  FCC’s  relying  on 
crappy  data  and  told  it  to  do  better.  The  FCC  did  ask  better  questions  this 
time,  but  has  yet  to  finish  analyzing  the  data  so  we  do  not  know  if  it  will 
continue  to  play  the  role  of  Pollyanna. 

The request notes that under the Recovery Act, the Department of Commerce
is supposed to come up with “a comprehensive nationwide inventory map of
existing broadband service capability and availability.” Instead of
fulfilling that requirement, the department instead capitulated to the big
carriers and decided to ask for less information than it needs to follow
the intent of the law. For example, it will not ask what speeds customers
actually get — something that most people think would be useful information.

The  request  asks  a  few  questions,  two  of  which  do  not  actually  need  to  be 
asked:  “Is  broadband  available  to  all  Americans?”  and  “Is  the  current  level 
of  broadband  deployment  reasonable  and  timely?”  Unless  you  are  actually 
Pollyanna,  you  already  know  the  answer  to  these  questions. 

The FCC also asks permission to redefine broadband speed to a value that
most of the developed world has been assuming for most of this century.
They also want to know what the FCC can do to make things better. If they
find a real answer to that, and then act on it, it would be a first for
the FCC, which has largely been irrelevant to the pace of broadband
deployment.

The  big  carriers  have  decided  not  to  take  the  broadband  stimulus  funds. 
You  know,  the  funds  that  were  designed  to  bring  broadband  Internet  to 
parts  of  the  country  that  don’t  yet  have  it.  The  carriers  seem  to  be  trying 
to  call  the  government’s  bluff  in  an  attempt  to  rid  themselves  of  the  pesky 
rules  that  say  they  have  to  be  fair  to  their  customers. 

Finally,  the  FCC  seems  to  have  neglected  to  invite  anyone  who  cares 
about  actual  Internet  users  to  its  hearings. 

All  in  all,  not  a  good  sign  for  the  “us”  vs.  the  “them”  of  the  status  quo. 

Disclaimer:  Cambridge  and  Boston  residents  may  think  of  Harvard  as 
“them,”  but  there  are  a  lot  of  us  Cambridge  and  Boston  residents  who  are 
part of that “them.”

Bradner  is  Harvard  University’s  technology  security  officer.  He  can  be 
reached  at  sob@sobco.com. 


■ UC, from page 6

In  the  case  of  University  of  Kentucky,  that  means  making  Microsoft 
Office  Communications  Server  available  to  departments  as  a  phone 
option  that  comes  with  the  potential  for  more  functionality,  says  Doyle 
Friskney,  associate  vice  president  of  IT  for  the  university. 

The  school,  which  works  hand  in  hand  with  community  colleges, 
medical  centers  and  agriculture  agents,  has  implemented  OCS  on  top 
of  other  Microsoft  infrastructure  that  it  deployed  over  the  last  decade  or 
so,  including  Active  Directory,  Exchange  e-mail  and  Windows  desktop 
operating  systems,  he  says. 

Upgrading  to  OCS  to  support  20,000  concurrent  users  cost  less  than 
$100,000  on  top  of  the  other  expenditures,  and  Friskney  says  that  is  all 
the  cost  that  should  be  attributed  to  the  UC  upgrade.  The  other  elements 
should  be  left  out  of  the  equation. 

When  a  department  needs  voice  services  OCS  is  offered  as  an  option. 
The  other  options  are  traditional  voice  or  VoIP  services  from  a  local 
phone  provider.  When  they  choose  OCS,  the  primary  reason  is  the  cost, 
he  says,  which  amounts  to  deploying  an  OCS  client  to  each  desktop  and 
plugging  in  a  USB  VoIP  phone. 

Departments  that  choose  this  option  also  like  presence,  voice  mail, 
e-mail  and  IM  that  come  with  it.  “Voice  and  video  are  icing  on  the  cake,” 
he  says.  At  the  moment,  between  3,000  and  4,000  OCS  clients  have  been 
deployed  mostly  to  new  users  who  were  not  on  the  network  before. 

University  of  Kentucky  also  has  a  Cisco  Call  Manager  IP  PBX  that 
could  support  the  same  services  OCS  does,  but  for  a  much  lower  cost.  He 
estimates  an  equivalent  Cisco  deployment  would  run  about  $1  million. 

“Microsoft OCS supports a voice infrastructure for the future that probably
will never be as robust as the Cisco infrastructure or the [traditional
voice service] but will be more than adequate for well over half of our end
users,” he says. “It works much better than you think.”


BY JOHNA TILL JOHNSON


The  end  of  commuting? 

“MOMMY,  WHAT  DOES  ‘commute’ mean?” 

“It’s  what  people  used  to  do  in  the  old  days,  Sweetie.  They  got  in  cars 
and  drove  from  their  houses  to  where  they  worked.  Sometimes  it  took 
hours.” 

“Why  did  they  do  that?” 

“Because  their  computers  and  tools  were  at  work.  So  were  the  other 
people  they  had  to  talk  to.” 

“That’s  silly!  Why  didn’t  they  use  their  avatars?” 

“They  didn’t  have  avatars  in  the  old  days,  Sweetie.  When  people  wanted 
to  do  something,  they  had  to  actually  go  someplace  and  do  it.” 

Nuts?  Not  so  fast.  Telecommuting  is  way  up  this  year,  in  companies  of 
all sizes. And technologies such as unified communications make it possible
for distributed teams to coordinate and collaborate virtually even
more  effectively  than  in  person.  Over  the  years, 
my  company  has  documented  the  rise  of  the 
virtual  workplace  —  with  more  than  90%  of 
organizations  considering  themselves  virtual. 

There’s  also  a  growing  cultural  acceptance 
of  the  notion  that  work  does  not  have  to  be  in 
a  fixed  place.  Fortune  writer  Nadira  Hira  talks 
about  how  her  generation  —  the  Millennial  — 
don’t understand the notion of “going to work”. They view work as
something you do, not someplace you are.

As  a  certified  (some  would  say  certifiable)  member  of  Generation  X,  I 
was  on  the  front  lines  of  this  trend  in  the  late  1980s.  As  a  grad  student  I 
used  the  Internet  to  download  data  files  from  remote  particle  accelerators, 
rather  than  traveling  1,000  miles  to  do  it  in  person.  Fifteen  years  later,  I 
was managing a global team of engineers via broadband, presence, messaging
and conferencing. And these days, my entire company is virtual.
We only meet in person about every six months — and one year, a colleague
who couldn’t travel because of surgery participated via video.

The next major leap forward — and it’s coming — will be when virtual
working expands beyond knowledge workers to the kinds of jobs
that  historically  always  required  physical  presence.  You’ve  heard  about 
telemedicine,  in  which  doctors  conduct  surgeries  remotely.  Now  think 
about  how  that  will  play  out  for  cops,  nurses  and  factory  workers.  With 
the  right  robotics  at  the  far  end,  physical  presence  will  be  increasingly 
unnecessary. 

Interestingly,  IT  departments  are  behind  the  virtual  workplace  curve: 
As  employees  overall  are  increasingly  distributed  geographically  (more 
than  90%  work  someplace  other  than  headquarters),  IT  departments  are 
increasingly  centralized.  Telecommuting  is  actually  considerably  rarer 
in  IT  departments  than  in  the  workforce  at  large. 

This  is  a  bit  scary,  for  a  couple  of  reasons.  First,  IT  is  missing  out  on  a 
revolution  that  the  rest  of  the  company’s  experiencing  —  not  great  for  IT 
workers.  More  worryingly,  IT  departments  are  increasingly  out  of  touch 
with  the  needs,  experiences  and  requirements  of  the  virtual  workforce. 
If  the  IT  version  of  “collaboration”  is  “yelling  over  the  cubicle  wall”,  it’s 
hard  for  IT  to  put  together  meaningful  strategies  for  communications 
and  collaboration  technologies. 

If  this  describes  your  team,  you  need  to  take  two  steps.  Start  working 
virtually.  And  start  strategizing  about  how  technologies,  such  as  mobility, 
video and robotics, can revolutionize your workplace.


Johnson is president and senior founding partner at Nemertes
Research,  an  independent  technology  research  firm.  She  can  be 
reached  at  johna@nemertes.com. 


Open source fueling software shift

Visionary  Augustin  says  software  distribution,  support  models  changing 


BY  JOHN  FONTANA 


Open source is giving a mighty boost to the enterprise software industry,
changing the support equation for users and signaling to Microsoft and
other proprietary vendors that it’s time to catch on or be left out,
according to Larry Augustin, an open source visionary and the current
SugarCRM CEO.

Augustin,  who  took  over  SugarCRM  about 
three  months  ago,  built  his  reputation  on  his 
early  work  in  the  open  source  community  and 
during  a  stint  as  a  venture  capitalist.  He  thinks 
the  maturing  software  industry  is  showing 
signs of changes that will redefine the customer/vendor
relationship, alter current business and
distribution  models,  and  fuel  cloud  computing. 

“It  wasn’t  long  ago  that  software  was  this 
mysterious  magical  stuff,”  says  Augustin,  who 
is  credited  with  helping  coin  the  term  “open 
source.” 

“Now  people  understand  software  and  they 
understand  that  many  applications  have 
matured. We’ll see over time the software industry
reach a point where it is not proprietary vs.
open  source,  but  the  shade  of  how  much  control 
you  want,  how  much  do  you  want  to  do  yourself, 
and  how  much  do  you  want  the  vendor  to  do,” 
Augustin  says. 

Those  control  issues,  fostered  by  having 
source  code  for  applications,  will  help  balance 
the  customer/vendor  relationship,  he  says.  In 
essence,  users  won’t  get  locked  into  applications 
that  vendors  no  longer  push  forward  even  while 
they  continue  to  collect  support  fees. 

“Open source in many ways is a reaction to the
way proprietary vendors have locked down
applications,” Augustin says. “Many of the reasons
I began using open source was because I
couldn’t  get  the  support  or  the  responsiveness 
or  get  the  attention  of  the  vendor  for  the  things  I 
was  interested  in.  Via  open  source,  I  could  do  it 
myself.  I  didn’t  necessarily  want  to  do  it  myself, 
but  it  meant  I  had  that  option.” 

All  those  factors,  Augustin  says,  put  pressure 
on vendors such as Microsoft and others to consider
their future business models.

“Over  time  you  will  see  Microsoft  adopt  more 
open source principles as they strive to continue
to  make  Windows  relevant,”  he  says.  “They  have 
put  a  toe  in  the  water  with  their  Shared  Source 
program.  I  don’t  think  it  gets  them  there,  but  you 
can  see  them  thinking  about  it.” 

Augustin’s SugarCRM has built a relationship with Microsoft that began in
2006 with an interoperability deal on the back of a license that is part
of Microsoft’s Shared Source Initiative, a program through which Microsoft
shares source code with customers, partners and governments worldwide.

Microsoft’s recent actions also back up Augustin’s words. Over the past
year or so, Microsoft has donated code to PHP, offered support to the
Apache Foundation, and just last month made its
first  code  submission  to  the  Linux  kernel  (even 
though  it  happened  under  a  cloud  of  duress). 
Augustin  says  these  moves  show  signs  that  the 
software  industry  has  matured. 

“It is why you see so many open source applications
and why Microsoft is really struggling,”
he  says.  “They  are  in  a  mature  market  now  and 
trying  to  figure  out  how  to  make  changes.  IBM 
went  through  similar  change  in  the  1990s  and 
almost  went  out  of  business.” 

Augustin says Microsoft has to figure out how to emerge in an industry
where the company cannot simply define things on its own. Customers want
more flexibility and openness because they have that understanding of
software.

One big influence on changes currently taking place, Augustin says, was
brought to light during his 2002-2004 tenure as a venture capitalist at
Azure Capital Partners. He says it is clear that a shift in software
distribution models gave open source a lift.

“There  was  this  recent  period  in  time  where 
it  was  difficult  to  get  an  enterprise  software 
company  funded,”  he  says.  “The  problem  was 
not  that  people  weren’t  creating  interesting  new 
technology,  the  problem  was  that  it  was  hard  to 
distribute  and  sell.  All  the  money  would  go  into 
sales  and  marketing.” 

But  enterprise  software  is  back,  he  says,  “and 
the reason why is open source. It has given people
a way to get their software out there and get
it  distributed  and  make  its  way  into  companies 
at  a  fraction  of  the  cost  that  it  used  to  take  to  sell 
and  market  enterprise  software.” 

Successful  open  source  companies  such  as 
MySQL  (now  owned  by  Sun/Oracle),  Red  Hat, 
SpringSource  and  Hyperic  (both  now  owned  by 
VMware) started life as venture funded companies,
he notes.

Augustin is now eyeing a revolution in cloud computing that is borrowing
some of open source’s principles. He says cloud computing introduces an
element of flexibility that original application service providers and
pure hosted applications could not offer.

“Now  customers  may  make  different  decisions 
on levels of service they want out of an application
and apply that where it makes sense for
them,”  he  says. 

With  SugarCRM  today,  users  have  a  back-end 
database  they  can  move  from  internal  clouds,  to 
external  clouds,  to  hosting  environments. 

“It’s  all  the  same  database  and  all  you  have  to 
do  is  move  it  between  providers,  onto  your  own 
internal  provider  infrastructure  or  out  to  the 
cloud,”  he  says. 

Augustin says the goal is to provide a one-touch or instant ability to
move the database, a process that would eliminate manual steps.

“You can imagine that you could run [the database] on internal IT
infrastructure and have a provider with a warm standby or vice versa
depending on what makes sense for the end user,” he says.

Augustin  says  SugarCRM  has  lots  of  overseas 
customers  in  places  such  as  Germany  and  India. 
“They want local hosting providers because it
gives them peace of mind dealing with local vendors,”
he says. “But over the lifetime of the app,
the  customers  may  make  a  different  decision  on 
the  level  of  service  they  want  out  of  that  app  and 
where  it  makes  sense  for  them  to  run  it.  Part  of 
what  we  see  as  the  vision  around  SugarCRM  is 
making  [those  decisions]  easier.” 

Today, only 20% to 30% run their applications
off SugarCRM’s hosted infrastructure, but
regardless  of  where  the  database  runs  the  price 
is  the  same. 

“I  like  saying  that  we  are  deployment  model 
agnostic.  Wherever  you  want  to  run,  fine  with 
us,  one  price,”  he  says. 

Augustin  says  cloud  computing  is  getting 
to  the  point  where  infrastructure  is  going  to 
become  commoditized,  which  will  enable 
even  more  flexibility  and  choice  for  running 
applications. 

“Cloud computing is raising people’s awareness to that fact,” he says.
“As a CRM vendor I would rather invest in the software than the
infrastructure.”


It’s Microsoft vs. the professors

Both  SIGCOMM  2009  proposals  seek  to  ease  complexity  of  network  control  plane 

BY TIM GREENE


PortLand  streamlines  data  centers 

A  proposal  called  PortLand  simulates  a  Layer  2  environment  in  data  centers  but 
scales  larger  than  an  actual  Layer  2  network,  and  would  also  reduce  address- 
resolution  broadcasts.  The  scheme  calls  for  software  modifications  of  switches  but 
not  endpoints,  and  keeps  track  of  the  location  of  virtual  machines  as  they  migrate. 


1. As devices are added to the network, switches assign them location
identifiers called pseudo MAC (PMAC) addresses, which each switch maps to
both the device's actual MAC address and its IP address.

2. This mapping is shared with the Fabric Manager server, which responds
to ARP requests directed to it by switches.

3. For traffic headed to hosts, switches rewrite the PMACs by replacing
them with the actual MAC addresses and forwarding the packets to the
appropriate hosts.


Researchers from Microsoft and the University of California at San Diego
have come up with divergent schemes to address shortcomings of data center
architectures, particularly management and configuration burdens, and to
promote the efficient use of virtual machines.

The  two  groups  presented  their  findings  at  the 
SIGCOMM 2009 conference last week in Barcelona,
and each had its own flavor. The Microsoft
team sought high performance for all traffic
regardless  of  demand,  while  the  UCSD  team 
focused  on  allowing  the  free  migration  of  VMs, 
minimal  configuration  when  adding  new  hosts 
to  the  network  and  quickly  addressing  failures. 

Microsoft’s  researchers  also  focused  on  VM 
migration  and  Layer  2-like  addressing  but  using 
a  method  that  calls  for  installing  an  agent  on 
every  endpoint,  which  contrasts  with  the  UCSD 
group’s  plan  to  tweak  switch  software  and  leave 
the  endpoints  alone. 

The UCSD effort led by Amin Vahdat, a professor
of computer science at the school, proposes
a blend of Layer 2 and Layer 3 connectivity
for data centers that enables massive scaling
that  is  otherwise  limited  by  Layer  2  factors  and 
reduces  the  management  and  configuration 
demands  of  Layer  3. 

They say their PortLand protocol could support a data center network of
100,000 servers without modifying any of the host machines. The group
presented its findings in the research paper “PortLand: A Scalable
Fault-Tolerant Layer 2 Data Center Network Fabric”.

Making the addition of devices to the network plug-and-play — with no
configuration or modification of end devices — was a key goal of PortLand,
Vahdat says.

It would support VM migration, something Layer 3 can’t do because VMs can
move from server to server, each with different IP addresses. It also
introduces a flat mechanism for sharing PortLand-assigned media access
control (MAC) addresses that overcomes the memory limitations of most
switches by reducing the size of the address tables each switch has to
store, Vahdat says.

PortLand  requires  additional  software  that 
enables  switches  to  discover  their  place  in  the 
data  center  topology.  The  software  also  enables 
switches  to  assign  a  pseudo  MAC  address  to 
each  device  that  is  directly  connected  to  them. 

Under PortLand, switches maintain tables of PMAC prefixes and forward
traffic to the appropriate switch until the traffic reaches the switch the
destination device is attached to. That switch translates the PMAC to the
actual MAC so the traffic can be delivered to the correct device, Vahdat
says.

To facilitate forwarding traffic, PortLand includes a Fabric Manager
server, which performs a function analogous to a DNS server in
resolving URLs with IP addresses. Rather than broadcast for address
resolution between PMACs and the IP addresses, switches redirect
broadcast ARP requests from their connected hosts to the Fabric
Manager, which replies with the appropriate IP address.

Fabric Manager maintains a soft state of the network so if it crashes,
it can reconstruct the address information from access switches in the
network using the PortLand protocol.

If Fabric Manager crashes, the time to continue communication on the
network is negligible because the protocol reverts to broadcasting for
address resolution, Vahdat says. If Fabric Manager is operating, the
lookup runs at wire speed.
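
The mechanism described above, as an added example (not code from the PortLand paper or the UCSD group): edge switches assign PMACs, the Fabric Manager answers ARP lookups from soft state, and resolution falls back to broadcast while it is down. The PMAC layout pod.position.port.vmid (16/8/8/16 bits) is taken from the PortLand paper rather than this article; the class names, the addresses and the in-memory stand-in for a broadcast are assumptions.

```python
"""Toy model of PortLand addressing. Added example; all addresses are constructed."""

def pmac(pod, position, port, vmid):
    """Pack pod(16 bits).position(8).port(8).vmid(16) into a 48-bit PMAC string."""
    value = (pod << 32) | (position << 24) | (port << 16) | vmid
    return ":".join(f"{b:02x}" for b in value.to_bytes(6, "big"))

def decode(pmac_addr):
    """Split a PMAC string back into (pod, position, port, vmid)."""
    raw = bytes.fromhex(pmac_addr.replace(":", ""))
    return int.from_bytes(raw[:2], "big"), raw[2], raw[3], int.from_bytes(raw[4:], "big")

class FabricManager:
    """Holds soft state only: every entry can be relearned from the edge switches."""

    def __init__(self):
        self.up = True
        self.ip_to_pmac = {}

    def register(self, ip, pmac_addr):
        if self.up:
            self.ip_to_pmac[ip] = pmac_addr

    def lookup(self, ip):
        if not self.up:
            raise ConnectionError("fabric manager unreachable")
        return self.ip_to_pmac.get(ip)

    def crash(self):
        self.up = False
        self.ip_to_pmac.clear()

    def restart(self, edge_switches):
        """Rebuild the table from what the edge switches already hold."""
        self.up = True
        for switch in edge_switches:
            for ip, (pmac_addr, _actual) in switch.hosts.items():
                self.ip_to_pmac[ip] = pmac_addr

class EdgeSwitch:
    def __init__(self, pod, position, manager, fabric):
        self.pod, self.position = pod, position
        self.manager = manager
        self.fabric = fabric       # every edge switch; used only for the fallback
        self.hosts = {}            # host IP -> (PMAC, actual MAC)
        self.pmac_to_actual = {}
        fabric.append(self)

    def attach(self, port, ip, actual_mac, vmid=1):
        """A host shows up on a port: the switch assigns its PMAC, host untouched."""
        addr = pmac(self.pod, self.position, port, vmid)
        self.hosts[ip] = (addr, actual_mac)
        self.pmac_to_actual[addr] = actual_mac
        self.manager.register(ip, addr)
        return addr

    def arp(self, target_ip):
        """Resolve a host's ARP request; returns (PMAC or None, where it came from)."""
        try:
            answer = self.manager.lookup(target_ip)
            if answer is not None:
                return answer, "fabric-manager"
        except ConnectionError:
            pass
        for switch in self.fabric:  # stand-in for a broadcast across the fabric
            if target_ip in switch.hosts:
                return switch.hosts[target_ip][0], "broadcast"
        return None, "unresolved"

    def next_hop(self, dst_pmac):
        """Forward on the PMAC prefix alone, with no per-host table entry."""
        pod, position, port, _vmid = decode(dst_pmac)
        if pod != self.pod:
            return ("core", pod)
        if position != self.position:
            return ("aggregation", position)
        return ("local-port", port)

    def egress_rewrite(self, dst_pmac):
        """Last hop: translate the PMAC back to the host's actual MAC."""
        return self.pmac_to_actual.get(dst_pmac)

def demo():
    fabric, manager = [], FabricManager()
    sw_a = EdgeSwitch(pod=0, position=0, manager=manager, fabric=fabric)
    sw_b = EdgeSwitch(pod=2, position=1, manager=manager, fabric=fabric)
    sw_a.attach(port=0, ip="10.0.0.2", actual_mac="02:00:00:00:00:0a")
    target = sw_b.attach(port=0, ip="10.2.1.5", actual_mac="02:00:00:00:00:0b")
    normal = sw_a.arp("10.2.1.5")
    manager.crash()
    degraded = sw_a.arp("10.2.1.5")   # still resolves, via the fallback
    manager.restart(fabric)           # soft state rebuilt from the switches
    recovered = sw_a.arp("10.2.1.5")
    return {"pmac": target, "normal": normal, "degraded": degraded,
            "recovered": recovered, "hop": sw_a.next_hop(target),
            "delivered_to": sw_b.egress_rewrite(target)}
```

Calling demo() shows the same PMAC being resolved three ways: from the Fabric Manager, by broadcast after the crash, and from the Fabric Manager again once its table has been rebuilt.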

PortLand also respects the line drawn between devices network
administrators control and the hosts controlled by system
administrators. Rather than modifying the host MAC address directly
using an agent and a server, the PortLand architecture has the
switches translate MAC addresses to PMAC addresses. “We let the end
host be what it is and make just small changes to the switch software
and no changes to the switch hardware,” Vahdat says.

Microsoft’s  scheme 

Microsoft’s team, led by Albert Greenberg, David Maltz and Parveen
Patel, also deals with the addressing problem by introducing a
two-tiered system: a location-specific IP address and an
application-specific IP address that follows applications around as
they migrate to new VMs.

Under  the  Microsoft  VL2  architecture,  each 
server  is  associated  with  the  location-specific 
IP  address  of  the  switch  it  is  attached  to.  As 
with  PortLand,  a  VL2  directory  system  maps 
the  location  IP  addresses  to  the  application  IP 
addresses.  A  VL2  agent  on  each  server  retrieves 
the  location-specific  IP  address  of  the  switch 
nearest  the  destination  server  and  encapsulates 
application  packets  inside  it. 

Deploying an agent and configuring servers is something PortLand
avoids. But VL2 has other features that PortLand doesn’t address. For
example, VL2’s directory server can refuse to provide the
location-specific IP address if access policies deny the initiating
server connectivity to the destination server. This gives VL2 the
ability to enforce access control.
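
The access-control behaviour described above, as an added example (not Microsoft's VL2 code): a directory that maps application-specific addresses to location-specific addresses and refuses the lookup when policy denies the pair, so the sending agent has nothing to encapsulate toward. The group-based, default-deny policy model, the class names and all addresses are assumptions, and no agent-side caching is modelled.

```python
"""Toy VL2-style directory that enforces policy at lookup time (constructed data)."""
import ipaddress
from dataclasses import dataclass

class AccessDenied(Exception):
    """Raised when policy forbids the source from reaching the destination."""

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    payload: bytes

@dataclass(frozen=True)
class Encapsulated:
    outer_dst: str   # location-specific IP of the destination's switch
    inner: Packet    # original packet, application-specific addresses intact

class Directory:
    def __init__(self, allowed_pairs):
        self.location = {}                 # application IP -> location IP
        self.group = {}                    # application IP -> policy group
        self.allowed = set(allowed_pairs)  # (source group, destination group)
        self.audit = []                    # (source, destination, permitted)

    def register(self, app_ip, loc_ip, group):
        ipaddress.ip_address(app_ip)       # raises ValueError if malformed
        ipaddress.ip_address(loc_ip)
        self.location[app_ip] = loc_ip
        self.group[app_ip] = group

    def migrate(self, app_ip, new_loc_ip):
        """The application moves to another switch; its own address is unchanged."""
        if app_ip not in self.location:
            raise KeyError(app_ip)
        ipaddress.ip_address(new_loc_ip)
        self.location[app_ip] = new_loc_ip

    def lookup(self, src_app_ip, dst_app_ip):
        """Return the destination's location IP, or refuse if policy denies it."""
        src_group = self.group.get(src_app_ip)
        dst_group = self.group.get(dst_app_ip)
        # Default deny: unknown endpoints and unlisted group pairs get no answer.
        permitted = (
            src_group is not None
            and dst_group is not None
            and (src_group, dst_group) in self.allowed
        )
        self.audit.append((src_app_ip, dst_app_ip, permitted))
        if not permitted:
            raise AccessDenied(f"{src_app_ip} -> {dst_app_ip}")
        return self.location[dst_app_ip]

class Agent:
    """Runs on a server; without a location IP it has nowhere to send the packet."""

    def __init__(self, app_ip, directory):
        self.app_ip = app_ip
        self.directory = directory

    def send(self, dst_app_ip, payload):
        loc_ip = self.directory.lookup(self.app_ip, dst_app_ip)
        return Encapsulated(loc_ip, Packet(self.app_ip, dst_app_ip, payload))

def demo():
    directory = Directory(allowed_pairs={("web", "app"), ("app", "db")})
    directory.register("172.16.0.10", "10.0.1.1", "web")
    directory.register("172.16.0.20", "10.0.1.1", "app")
    directory.register("172.16.0.30", "10.0.2.1", "db")
    web = Agent("172.16.0.10", directory)
    app = Agent("172.16.0.20", directory)

    before = app.send("172.16.0.30", b"query")
    directory.migrate("172.16.0.30", "10.0.3.1")    # db moves to another switch
    after = app.send("172.16.0.30", b"query")       # same inner packet, new outer
    try:
        web.send("172.16.0.30", b"query")
        web_to_db = "sent"
    except AccessDenied:
        web_to_db = "refused"
    denied = [(s, d) for s, d, ok in directory.audit if not ok]
    return before, after, web_to_db, denied
```

The audit list is an addition of this sketch: it records every refused lookup, which is the natural place to look for a server probing destinations it has no policy to reach.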

Microsoft’s researchers go beyond the ambitions of PortLand by looking
at data center traffic patterns and designing a network topology that
chooses paths for each traffic flow in a manner that avoids persistent
congestion hot spots and provides uniform high capacity between any
two servers in the data center.

VL2 calls for a layer of highly integrated aggregation switches with
so many connections to a higher layer of intermediate switches that in
the event of a failure, performance degrades gradually, the Microsoft
researchers say. ■
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Managed  security 
services  all  the  rage  in 
tough  economic  times 


IT’S AN UNDERSTATEMENT to say that IT organizations face exceptionally
challenging times. For many, budget cutbacks for 2009 were worse than
predicted.

As a result, many IT organizations are taking a hard look at what is
and is not core to internal IT, assessing their teams and moving
people to strategic areas to concentrate on more important projects.
Even organizations that traditionally kept services in-house are
assessing whether to selectively outsource day-to-day monitoring and
management to third parties in order to take advantage of the
predictable monthly expense that managed services offer. Security
managed services are no exception.

Sixty percent of participants in Nemertes Research’s 2009 Spring
Benchmark say they’re planning to increase their use of managed
services in 2009 and beyond, with top drivers being falling budgets,
shrinking staffs, a lack of specialized expertise and rising demand to
support more complex applications. The increasingly distributed
workforce also plays a role because managing remote sites poses a
particular challenge to IT (which is often highly centralized).

In the branch office, this trend has accelerated dramatically. In
2006, 27% of research participants were using some form of managed
services. By 2008 that number had more than doubled to 65% and in 2009
60% of participants are expanding their use of managed services.

Managed security services were used by 47% of participants in our
benchmark. Among small and midsize businesses (SMB), 46% were using
managed security services. Almost 50% were also outsourcing business
continuity planning and disaster recovery services (slightly less at
32% for SMBs). Security managed services cover many different types of
services, from antispam in the cloud to managed on-premise firewalls.
Whereas carriers dominate most areas of managed services, in security
they are selected by 37% of outsourcing buyers. Most managed security
services are bought from system integrators (42%) with the rest bought
from regional or specialty providers (21%). This is not surprising
since security services were first offered by specialty providers and
system integrators. Nemertes Research expects to see a shift in the
market as more of these services are provided by carriers.

As  noted  in  previous  articles,  cost  is  not  the 
only  or  even  leading  criterion  for  selecting 
a  managed  security  service  provider.  In  our 
research  we  find  that  the  breadth  of  services 
offered  is  the  top  criterion,  followed  by  cost. 
Third  is  the  cost  to  implement  (start-up  costs), 
then  geographical  reach  of  the  provider  and 
the  length  of  time  they  have  been  in  business. 
Security  is  clearly  not  a  “lowest  cost”  service 
and  there  is  a  significant  element  of  trust,  which 
influences  the  decision  too. 

Once a security service is outsourced, most companies (60%) rate their
outsourcing engagement as a success. They evaluate the success based
on a range of criteria, the highest being properly structured
service-level agreements, followed by a properly structured contract
and good communication with the provider management. Getting
outsourcing to work well is not easy, but it is a worthwhile
investment as it can deliver predictable cost and a consistent and
verifiable security posture. ■

Antonopoulos  is  senior  vice  president  and 
founding  partner  at  Nemertes  Research,  an 
independent  technology  research  firm.  He  can 
be  reached  at  andreas@nemertes.com. 
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DNS  ‘blacklist’  unveiled 

Nominum’s  TRUE  architecture  steers  users  away  from  botnets,  phishing  sites 


BY  CAROLYN  DUFFY  MARSAN 


Nominum plans to announce this week a novel DNS security capability
that functions like a spam blacklist, providing automated, real-time
checking of DNS queries against a list of Web sites that are known to
be malicious.

Nominum’s Trusted Response and Universal Enforcement (TRUE)
architecture is already in use by several ISPs supporting a combined
100 million broadband households. Nominum wouldn’t identify these
ISPs, but its Web site says its carrier customers include Verizon,
Sprint, NTT Communications and many other major industry players.

Now Nominum is making its third-generation DNS software that features
the TRUE architecture available to corporations and other enterprise
customers.

“We see a trend in the service provider market, a distinct shift
towards intelligent DNS solutions. The majority of our customer base
has already made this move,” says Bruce Van Nice, marketing director
for Nominum. “There’s no reason why enterprises aren’t ultimately
going to do the same thing. We’re quite convinced that this is the
wave of the future.”

Nominum’s latest offering is not DNSSEC, the DNS Security Extensions
that prevent a specific type of attack known as cache poisoning, where
a user is unknowingly redirected to a fake Web site. DNSSEC adds a
layer of encryption to the DNS so that Web sites can verify that their
IP addresses and domain names match. DNSSEC has been much hyped in the
past year since the Kaminsky DNS bug was discovered.

While promising, DNSSEC won’t offer complete protection against cache
poisoning attacks until it is deployed across the entire DNS
hierarchy, from the DNS root servers to domains such as .com and .net
to individual domain names. The U.S. federal government has announced
plans to have DNSSEC deployed across the root servers and its .gov
domain by year-end, and VeriSign says it will deploy DNSSEC across
.com and .net by 2011.

Nominum  says  its  TRUE  architecture  is  an 
interim  step  towards  enhancing  DNS  security 
that  can  be  adopted  immediately.  Nominum 
says  its  blacklist  approach  is  complementary  to 
DNSSEC  because  it  addresses  all  types  of  known 
DNS  threats,  not  just  cache  poisoning  attacks. 

“Our intelligent DNS reduces the time window that attackers have
enjoyed in the past to run their exploits,” Van Nice says. “The idea
is to get ahead of the attackers. The moment a threat is identified,
it can be propagated across a very large network automatically with no
operator intervention required.”

Nominum’s TRUE architecture helps organizations steer their users away
from Web sites that control botnets, engage in phishing or provide
other types of illegal content. If a user tries to access one of these
sites, Nominum’s software automatically brings up a warning Web page.

Nominum says its dynamic, intelligent, policy-based DNS system
overcomes many shortcomings of legacy DNS systems such as the popular
BIND 9.0 open source software or DNS appliances offered by its
competitors. For example, a major flaw in BIND 9.0 was announced in
July that required an immediate patch to prevent denial-of-service
attacks.

“Legacy DNS is becoming obsolete,” Van Nice says. “With legacy DNS, a
subscriber clicks on a link and the browser sends off a DNS query and
the DNS looks at the query and goes off and talks to the authoritative
DNS servers and the answer is transmitted back to the users ... The
DNS doesn’t know if the destination is malicious. With our system, you
can take advantage of other databases and directories of malicious
sites and use that knowledge to protect the end user.”

Nominum’s software provides automated and immediate response to new
DNS threats as well as a real-time analysis and reporting tool that
allows network managers to spot DNS usage trends that might indicate
malicious code installed on user systems.
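
The blacklist check and the reporting described above, as an added example (not Nominum's software, whose internals the article does not describe): each query name is normalized, matched against listed domains on label boundaries, and either answered or steered to a warning page, while blocked lookups are counted per client. The domains, addresses, query log, status labels and the three-hit threshold are constructed for illustration.

```python
"""Blocklist check in front of DNS resolution (added example, constructed data)."""
from collections import Counter, defaultdict

WARNING_PAGE_IP = "192.0.2.80"   # constructed address of the warning Web page

def normalize(qname):
    """Lower-case, drop the trailing root dot, IDNA-encode; None if malformed."""
    name = qname.strip().rstrip(".").lower()
    try:
        return name.encode("idna").decode("ascii")
    except UnicodeError:
        return None

def blocked_entry(name, blocklist):
    """Return the listed domain covering name (itself or any parent), else None."""
    labels = name.split(".")
    for start in range(len(labels)):
        candidate = ".".join(labels[start:])   # whole labels only, never substrings
        if candidate in blocklist:
            return candidate
    return None

class PolicyResolver:
    def __init__(self, blocklist, upstream):
        self.blocklist = {normalize(d) for d in blocklist}
        self.upstream = upstream              # stand-in for real recursive lookup
        self.hits = defaultdict(Counter)      # client -> blocked domain -> count

    def add_threat(self, domain):
        """A newly identified domain is enforced from the next query onward."""
        self.blocklist.add(normalize(domain))

    def resolve(self, client, qname):
        name = normalize(qname)
        if name is None:
            return "MALFORMED", None
        entry = blocked_entry(name, self.blocklist)
        if entry is not None:
            self.hits[client][entry] += 1
            return "REDIRECT", WARNING_PAGE_IP
        address = self.upstream.get(name)
        return ("ANSWER", address) if address else ("NXDOMAIN", None)

    def suspects(self, min_hits=3):
        """Clients whose repeated blocked lookups suggest malicious code on the host."""
        return sorted(
            client for client, counts in self.hits.items()
            if sum(counts.values()) >= min_hits
        )

# Constructed sample data: reserved example domains and documentation addresses.
UPSTREAM = {
    "www.intranet.example": "198.51.100.10",
    "new-c2.example": "203.0.113.66",
}
BLOCKLIST = {"botnet-c2.example", "login-verify.example"}
QUERIES = [
    ("10.1.1.5", "www.intranet.example."),      # clean name, trailing dot
    ("10.1.1.7", "Botnet-C2.example"),          # listed name, mixed case
    ("10.1.1.7", "node4.botnet-c2.example."),   # subdomain of a listed name
    ("10.1.1.7", "node9.botnet-c2.example."),
    ("10.1.1.9", "login-verify.example"),
    ("10.1.1.5", "notbotnet-c2.example"),       # shares a suffix string only
    ("10.1.1.5", "bad..name.example"),          # empty label
]

def replay(resolver, queries):
    """Run a query log through the resolver and return each decision."""
    return [resolver.resolve(client, qname) for client, qname in queries]
```

Replaying QUERIES through PolicyResolver(BLOCKLIST, UPSTREAM) redirects the four listed lookups, leaves notbotnet-c2.example alone, and leaves 10.1.1.7 as the only client that suspects() returns.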

Nominum says its TRUE architecture tracks 160 million sites that are
known to be malicious. “That’s a large number of bad sites,” Van Nice
says. “As more are discovered, they are immediately reflected in the
network for enforcement.”

Nominum offers its TRUE architecture as a traditional software package
that runs on dedicated servers that enterprises must own and operate,
but company officials hinted that they may introduce a hosted
offering. “Our solution is only available as special-purpose
software,” says Gopala Tumuluri, vice president of marketing and
business development at Nominum. “Some of the very large enterprises
with highly distributed networks want to do DNS on their own, but many
mid- to small enterprises want it as a hosted service and to outsource
it. Stay tuned on that front.” ■
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TECHUPDATE 

An  inside  look  at  technologies  and  standards 


‘Soft’ WAN optimization tools


BY  JANE  SHURTLEFF 


For years the only solutions for WAN optimization have been hardware
appliances. But WAN optimization and application acceleration
technologies have leveraged virtualization technology to give birth to
software-based appliances that deliver the performance, flexibility
and cost-efficiencies agile enterprises require.

There are many hardware products on the market that use virtualization
technology, but the question is: do they really leverage the benefits
of virtualization or just the buzz?

A true virtual appliance is software running on a hypervisor that can
be provisioned and scaled to the available system resources of the
virtual machine (VM) environment. And any virtual appliance worth its
salt must be managed, controlled and deployed by the VM management
tools as an integral component within the virtual environment.

Hardware WAN optimization and application acceleration solutions
typically host some virtualization capabilities by providing a limited
virtualization session on top of the appliance’s standard operating
system. These appliances do not support full hypervisors, mainly
because the appliance requires control of the system resources.

The hardware appliance, the virtualization container and any
application running in the virtualization container are all
disconnected from the virtualization management system. Without the
support of a full-fledged hypervisor, hardware appliances cannot take
advantage of the scalability, flexibility and manageability benefits
of going virtual.

Newer software-based virtual appliances deliver the same optimization
benefits of data compression, history caching and traffic
de-duplication with the added benefit of these processes being managed
by, and leveraging the tools of, virtualization environments.

Here  are  five  reasons  to  “go  soft”: 

1. Industry standard. Software virtual appliances running on industry
standard servers and VM hypervisors accelerate server consolidation
initiatives, eliminating appliance sprawl and the powering, cooling
and management costs for all of that extraneous hardware. Virtual
appliances can also run alongside other applications without
limitation.

2. Leveraging the benefits of virtualization. A true virtual appliance
can take advantage of the core benefits of a VM, including:

■ Dynamic resource allocation and sharing can be applied to
application acceleration virtual appliances, adjusting capabilities to
match changing business needs.

■ Virtual appliances can also be dynamically moved or a separate
instance can be started without disrupting processes. Since virtual
appliances can run alongside other VM applications there is less
underutilization of system resources.

■ A virtual appliance leverages the high availability features of a
virtual environment, working around soft or hard failures.


Hardware vs. virtual appliance

A three year TCO based on a single data center supporting 27 branch
offices with 30,000 users.

Costs                     Hardware appliance   Virtual appliance
Acquisition costs         $2,660,000           $969,860
Power                     $25,806              $8,602
Cooling                   $32,266              $10,755
Real estate               $14,654              $4,885
Network                   $10,064              $3,355
Operations                $127,466             $42,489
Maintenance and support   $1,436,400           $523,724
Three year TCO            $4,306,656           $1,563,670

3. Performance and scalability. The performance of virtual appliance
software is equal to hardware appliances in reducing application
response time and bandwidth utilization. The scalability of the
virtual appliance compared with scalability of a hardware appliance is
where the rubber meets the road. Virtual appliances scale to support
more concurrent optimized network connections per VM with the addition
of CPU, memory or storage.

The number of concurrent optimized network connections for an
appliance is commonly fixed by the size of the hardware platform
and/or licensing restrictions and requires overpriced or fork lift
hardware upgrades as enterprises expand capabilities and services.
Virtual appliances will scale as system resources are added, enabling
a more cost-efficient path to supporting more users.

4. Central deployment and management. Virtual appliance software makes
deployment and management of WAN optimization and application
acceleration fast and easy. Virtual appliance images can be deployed
and provisioned via VM central management systems. With virtual
appliances, it’s possible to centrally manage software distribution,
setup and updates.

Virtual appliances also enable the growing number of mobile workers to
reap remote access performance benefits wherever they are. A virtual
appliance can be deployed directly onto desktops and laptops without
requiring a physical appliance to be located at a local branch office
to manage client licensing or provisioning for those users.

5. Lower cost. Lowering IT total cost of ownership (TCO) in today’s
economic environment is the most compelling reason to go with virtual
appliances for WAN optimization and application acceleration.
Virtualized application acceleration can result in as much as a 60%
lower three year TCO compared with deploying hardware. Virtual
appliances can offer cost savings in everything from acquisition costs
to real estate and maintenance and support expenditures.

For enterprises that are looking to reduce costs and simplify IT
infrastructures via virtualization, or those that are considering
deploying cloud computing environments, more cost-efficient and
flexible virtual appliances for WAN optimization and application
acceleration are essential to success. The differences between
hardware appliances and virtual appliances can be calculated in
dollars and by how the solution fully supports virtualized
infrastructures and leverages virtualization benefits.

What the comparison ultimately comes down to is the application
performance experience and the hard numbers. The proof of any
comparison like this is: put a virtual appliance next to a hardware
appliance and test the capabilities in your own sandbox with your most
performance-challenged applications. But to really appreciate the
value of deploying virtual appliances for application acceleration,
perform your own TCO comparison to see how going soft can
significantly bring down your hard IT costs. ■

Shurtleff  is  director  of  marketing  for  Certeon. 


This  vendor-written  tech  primer 
has  been  edited  by  Network  World 
to  eliminate  product  promotion, 
but  readers  should  note  it  will  likely 
favor  the  submitter's  approach. 
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ADVERTISEMENT 


CASE  STUDY 

Unified  Communications 

Bringing  New  Meaning  to  “Legal  Ease” 


Rod  Sagarsee,  CIO 

BRINKS  HOFER  GILSON  &  LIONE 

Sagarsee has been the leader of the law firm's IT department since 1996
and has been CIO since 2003. He has more than 25 years of experience in
the technology industry.


Unified  communications  is  changing 
how  Brinks  Hofer  Gilson  &  Lione,  a 
Chicago-based  intellectual  property  law 
firm,  does  business.  Chief  information 
officer  Rod  Sagarsee  discusses  how  the 
adoption  of  VoIP  is  helping  Brinks  to 
enhance  attorney  productivity  and  take 
client  service  to  new  heights. 

What  was  the  communications 
challenge  facing  Brinks? 

The field of law is very demanding of technology, especially around
voice. Yet, we had antiquated phones with limited voice functionality,
zero-converged networking capabilities and unacceptable bandwidth—all
of which flies in the face of exceptional client service. We needed to
develop a unique topology and network infrastructure that would
support new voice protocols and unified communications, as well as
consistent five 9s QoS. VoIP was definitely going out on a limb, but
it’s our job to provide our attorneys with every opportunity to
accomplish their goals and Avaya was the best way to do that.

How  has  that  been  resolved? 

The Avaya solution has given our users an entirely different way to
communicate and serve clients through a converged network topology. It
has taken our firm from a single-line phone and voicemail mentality to
that of multiple lines, converged voicemail and email, instant
notification, toll-free conferencing and complete mobility. In fact,
our attorneys can use whatever mobile device they want. And, Avaya’s
non-proprietary nature allows for integration with other systems, like
Microsoft solutions. Our firm is now on the forefront of emerging
technology—collaborating and servicing clients instantly with voice,
video and data from anywhere.

What  are  some  of  the  resulting 
benefits? 

We’ve reached a whole new level in communication. Attorneys can handle
multiple calls at the same time, receive immediate notification of new
messages no matter where they are, extend calls to their cellular
phones, initiate meet-me conference calls and more. They can even
integrate impromptu video and desktop sharing of data and documents.
These value-added functions have given us a competitive advantage in
terms of productivity and client services. Additionally, we’ve lowered
our TCO by cutting $18,000 per month in phone charges and eliminating
third-party conference service charges.

Technically speaking, the steady dial tone gives my team much-needed
peace of mind. Also, little to zero server-level and switch-level
maintenance, coupled with reduced front-end user maintenance, is a
dream come true. Most importantly, we now have a foundation for mass
expansion, additional bandwidth and the ability to support
higher-level unified communications.

What  did  it  take  to  roll  out  the 
new  network? 

Our users are accustomed to 24/7 uninterrupted service, so replacing
400+ phones and switching to Avaya was a significant undertaking. I’m
fortunate to work with a highly skilled team and we accomplished it
all over one weekend—transparently to users who left on Friday and
returned on Monday to new phones and capabilities. And, we did it with
very little third-party assistance.

What  advice  would  you  give  those 
considering  unified  communications? 

Research, plan, test and, most importantly, openly communicate with
and train your users well ahead of implementation. Communication puts
users at ease and lets them know that it’s still just a phone. After
all, it’s often the unknown that overwhelms users, not the actual
technology.
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GEARHEAD  BY  MARK  GIBBS 


The  Twitter  Sentimeter,  Part  Drei 


SO, THE SENTIMETER, my almost real-time Twitter sentiment analysis
tool. If you need to catch up on where we’re at you can check out the
Gearhead columns from last week and the week before.

I chose to build the Sentimeter using Xcelsius, a development system
that lets you attach visual and functional components to Excel
spreadsheets and then generate a Flash movie.

I ended last week with a rough description of my homemade
ASP.NET-based proxy server, which I created because the Flash-based
Xcelsius is constrained by the security sandbox model that the Flash
player enforces. This model prevents access to domains other than the
one you get a Flash movie from to prevent crossdomain scripting
exploits. You can implement a crossdomain policy file on your Web site
to allow other domains to be accessed but this didn’t seem to work for
me as no matter what my crossdomain policy declared, my Xcelsius
movies kept producing “Error #2032”.

As I couldn’t get rid of the dreaded “Error #2032” with a crossdomain
policy and I needed to call multiple APIs (Twitter’s Search API and
OpenAmplify’s API) after the Sentimeter tool was loaded from my
server, using a proxy service seemed like a good idea. Another
compelling reason for using a proxy is that Xcelsius lacks a whole
passel of features that would make interacting with Web services easy
(for example, it has no functions to URL encode data).

I hacked up some ASP.NET code using VB scripting and voila! I could
make a simple request to my server and it created the correct URLs and
dispatched the request and then passed the returned data back to the
movie. I then found that one of my first problems was caching because
browsers cache, ASP.NET caches, and so does OpenAmplify. My Flash
movie would make its first request and then get back the same answer
for subsequent requests for about 10 minutes. Very annoying, so all
caching had to be eliminated.

Getting rid of OpenAmplify’s caching was easy: All I had to do was add
“cache=disable”, which is one of the new parameters in the recently
released 1.1 version of the API. Then I had to disable ASP.NET’s
caching, which took a little research and fooling around to get the
ASP pages to compile cleanly (really Microsoft, do the ASP.NET error
messages have to be quite so opaque and vague? Really?). Now I could
get a fresh response for each request.

But hold on! Every now and then the Sentimeter would still show “Error
#2032”! As far as Flash was concerned the movie was loaded from and
every request made to the same domain, so something else was going on.

And here’s where I found a tool that you absolutely need to have
installed and know how to use: Microsoft’s Fiddler, a free Web
debugging proxy that works with all Web browsers and applications and
is simply excellent (I give Fiddler a 5 out of 5 rating). Fiddler can
log all HTTP and HTTPS traffic so you can inspect it, set breakpoints
and “fiddle” with incoming or outgoing data. It also includes “a
powerful event-based scripting subsystem, and can be extended using
any .NET language.” Next week: What I found with Fiddler. ■


Gibbs has been known to fiddle in Ventura, Calif. Your twitch to
gearhead@gibbs.com.


COOLTOOLS  BY  KEITH  SHAW 

The  new  car  stereo  system 


A FEW MONTHS ago I ditched my satellite radio service, which I turned
to when I decided to ditch regular radio a few years before. My
current choice of entertainment for my 25-minute-or-so commute to and
from work is my iPhone, along with streaming music service
applications such as Pandora, Slacker and AOL Radio (for some reason,
I love listening to NYC radio station 1010 WINS even while driving on
the Mass Pike). Sometimes I will just listen to one of my iPod
playlists.

To accomplish this, I use an FM radio transceiver device that
broadcasts the music from the iPod into my car stereo’s speakers.
These devices have been around for years, ever since someone decided
he wanted to listen to an iPod in the car.

The additional wrinkle these days is keeping the iPhone’s battery
charged while streaming the music services to the device, which on the
commute relies on the iPhone’s 3G wireless network, a known battery
life killer. FM transmitter device makers (including Belkin and
Griffin Technologies) started including recharging capabilities via
the car’s cigarette/power adapter, keeping the device charged while
you listen to the music. My device of choice was the RoadTrip with
Smart Scan device from Griffin.

The  only  thing  missing  was  the  ability  to  answer  a  phone  call  and 
have  the  conversation  come  out  of  the  car  stereo  speakers,  which  is  why  I 
was  excited  to  receive  the  TuneBase  FM  with  Hands-Free  device  ($89.99) 


TuneBase  FM  from 
Belkin  has  that  new  car 
stereo  system  smell. 


from  Belkin.  Like  other  TuneBase  systems,  the  device  includes  an  iPod/ 
iPhone  recharger  and  FM  transmitter,  but  it  also  includes  a  button  that  can 
answer  an  incoming  call  and  play  the  caller’s  voice  through  the  car  stereo 
speakers.  This  seems  to  complete  the  trifecta  of  features 
that  let  you  create  “the  new  car  stereo  system”  by  uti¬ 
lizing  your  iPhone,  a  couple  of  streaming  music 
applications,  and  the  FM  transmitter/charger/ 
speaker  phone  (someone  needs  a  better  term 
for  this  type  of  gadget). 

But like all first-generation concepts, the
speaker phone component needs some work. Adjusting
the volume takes some practice, and I was generally yelling
into the phone like I was on a speaker phone (especially with outside
noise while driving). Turning up the car speaker volume in order to hear
the caller only increased the chance of hearing static from the FM radio
— despite a very good ClearScan feature that scans the airwaves to get
the “clearest FM station” to allow you to transmit. In the end, I preferred
answering the call via a noise-canceling Bluetooth headset, rather than
use the feature.

But here’s a fringe benefit from this device — the updated software
on the iPhone 3G (and the newer 3GS model) allows for turn-by-turn
directions, and with some navigation applications you can
use the FM transmitter to hear the directions through the car stereo
speakers. So not only will you have a new car stereo system, but
a GPS system as well.

Grade  ★★★★(out  of  five)  ■ 

Shaw  can  be  reached  at  kshaw@nww.com. 
Virtualization technology spreads to every corner of the IT infrastructure

From its genesis in x86-based servers,
virtualization technology has spread rapidly
into storage and the network. Today, it’s at
your desktop, in your processors and memory,
and in your switches. It’s shaping hardware
and software appliances — heck, it’s even in
your smartphones.

Tom Nolle, CEO of CIMI, a high-tech consulting
firm, describes three essential missions for
virtualization: as a client technology, as a server
technology and as a network technology. These
three areas, he says, are converging around the
idea of cloud computing.

On the winding route from that first server
virtualization project to the cloud of tomorrow,
you never know where virtualization will wind
up next. But watching leading-edge enterprises
can provide a clue. (See Changing.)


It all started
with x86 server virtualization,
which triggered data center
consolidation, and made cloud
computing possible. This series
of stories describes how virtualization
is revolutionizing the
worlds of storage, networking,
switching, management and
desktop computing.

Virtual desktops to the rescue

VDI gets the nod at Kentucky healthcare
provider. Page 32

Eye on management

Quest for single pane of glass leads to
multi-vendor management tools. Page 34

IT execs slow to bite
on virtual appliances

Software and hardware virtual appliances
offer easy and quick installation, but buyers
remain wary. Page 36

Virtual switches get the nod

As virtualization spreads to the network,
the spotlight turns to virtual switches.
Page 38

Bare-metal hypervisors:
A new wrinkle

Emerging technology creates additional
flexibility in virtual environments. Page 40
newdatacenter


Changing, from page 28

Dell, for example, is well into its third-generation
phase of virtualization and is strategizing
about the fourth. Virtualization has become the
company’s main computing platform and a fundamental
part of its enterprise infrastructure, as
well as having opened a smarter path for growth,
says Matt Brooks, senior enterprise architect for
the company.

Dell’s  commitment  to  virtualization  translates 
into  a  mindboggling  6,200  virtual  machines  in 
use  —  roughly  2,500  in  production  and  another 
3,700  in  test  and  development. 

“We’ve gone from a consolidation to a containment
focus. ... The next stage we see, which we’re
moving into now, is creating an optimized environment
where we push all of our workload needs
onto a platform that’s managed around aggregate
capacity,” Brooks says. This applies to data center
refreshes or new servers — virtual or otherwise
— and requires tighter control of how IT manages
capacity, he adds.

From  there,  Brooks  continues,  Dell  can  make  the 
leap  to  an  automated  data  center  (otherwise  called 
the  real-time  infrastructure  or  a  private  cloud)  in 
which  the  physical  and  virtual  environments  are 
managed  as  one. 

“This is about being able to extend the management
and computing efficiencies we see with
virtualization into the physical environment. A
lot of this involves moving the workload back into
external storage, the network or the transactional
layer,” he says. “We’d have a singular provisioning
process, whereas today we have a provisioning
process — a very efficient one — designed around
virtualization and another one for the physical
platform.”

Once  workloads  move  off  the  server,  Dell  gains 
efficiencies  and  lots  more  flexibility,  Brooks 
says.  “We’d  be  able  to  tag  a  policy  specifically  to  a 
workload  and  say,  ‘This  workload,  based  on  this 
schedule,  this  service-level  agreement  or  these 
capacity  requirements,  needs  to  consume  the 
entire  resources  of  this  server  for  a  certain  period 
of  time  and  then  maybe  move  and  join  the  rest  of 
the  virtualized  workloads.’” 

Information,  workloads 
and  workspaces 

Workload  virtualization  is  one  of  three  next  steps  that  leading-edge 
enterprises  are  taking  in  their  move  to  the  100%  virtual  data  center  of 
the  future,  says  Tony  Bishop,  CEO  of  IT  consulting  firm  Adaptivity  and 
onetime  overseer  of  Wachovia’s  pioneering  virtualization  initiatives. 
Information  virtualization  comes  first,  with  workspace  virtualization 
the  result. 

With information virtualization, an enterprise is able to assemble
a single view, or profile, of a client by bringing together information
stored in multiple repositories. “Let’s say I have a platinum customer
with 12 accounts. I don’t want to make that customer go into each
account. I want a single profile — and this is possible with information
virtualization,” Bishop says.

He points to Composite Software, whose Composite
Information Server pulls together and presents
flat-file and relational data in this way; and
Endeca Technologies, whose Information Access
Platform does the same for unstructured content,
such as PowerPoint presentations, videos and
Word documents. “Information virtualization is
going to be big,” Bishop predicts. “If I can’t get to
the information I need, right away, the benefits of
virtualization will become limited. You need to do
more than virtualize the infrastructure.”

The same could be said of the workload. “If I
can’t move the workload around to where the processing
and resources are that best fit what I’m
trying to do, then I’m not able to take advantage
of the elasticity and fluidity expected of virtualization,”
Bishop says.

In the case of that platinum customer, IT systems
should recognize its requests, then send
the workload to the best resources — physical
or virtual — for meeting the service levels or
response times appropriate to that client level.
“The business could say, ‘I don’t care what’s going
on, platinum customers have to have blink-of-an-eye
response times,’” Bishop says. “If you don’t
virtualize at the workload tier and make sure the
workload moves to wherever the best fit is, you’re
never going to get there.”

This represents a shift from today’s supply-driven
mentality to a demand-driven, service-oriented
approach. Getting there requires that
enterprises adopt a product such as Appistry
CloudIQ Platform (formerly called Enterprise
Application Fabric), DataSynapse’s FabricServer
or IBM WebSphere XTP and build a framework
around it, he says.

Virtualizing the workspace is the next logical
step, Bishop says. “If you can break the bond of
hardwired information and content, and have it
so that whenever I ask for something it gets processed
[to meet service levels,] then you have the
ability to have a virtual extension anywhere.”

This goes beyond the desktop virtualization concept
talked about today, in that the user need not
have a distinct physical PC. A smartphone would
suffice, maybe even a TV, Bishop says. “With a
single ID, I should be able to travel anywhere and
if I can just get to a screen with Internet access, I should be able to have my
entire workspace with me — completely there but virtual.”

While leading-edge enterprises are striding toward this virtual nirvana,
the majority of companies are baby-stepping their way through
current-generation virtualization projects. What’s next for them is
more about growing the virtual server environment, integrating virtualization
across servers, storage and the network, extending virtualization
to the desktop — and figuring out how to manage it all.

We  explore  those  issues  in  this  New  Data  Center  package.  ■ 

Schultz  is  a  freelance  IT  writer  in  Chicago.  You  can  reach  her  at 
bschultz5824@gmail.com. 


VIRTUAL DESKTOPS TO THE RESCUE

VDI gets the nod at Kentucky healthcare provider

BY BETH SCHULTZ


■  In  September  2008,  while  Louisville,  Ky., 
was  recovering  from  a  wind  storm  that  left 
much  of  the  city  without  power,  IT  Director 
Brian  Cox  was  dreaming  not  of  gentle  breezes 
but  of  desktop  virtualization. 

The storm left Cox, who is director of IT customer
service at Norton Healthcare, scrambling
to create temporary desktops for about
200 employees from an outlying billing office
that had been knocked off the power grid. “You
can go for a day or two without power and get
caught up, but once the outage hits three or four
days, if you’re not getting your bills out the door,
especially with time-sensitive Medicare and
Medicaid, you don’t get paid for services you
provided,” he says.

Three days into the outage, Cox began setting
up workers at PCs in training rooms and other
temporary spots and loading up their applications.
“If we had had desktop virtualization in
place for them, many could have worked from
home, a different office or contingency location
like a hotel and have had access to their applications
right away. We would have been able to say,
‘OK, log in here just like you do from the office,’
and they’d have been back to work in no time.”

Fortunately, the situation wasn’t as dire as it
could have been. Norton already had embraced
a virtual desktop infrastructure for the company’s
five hospitals, plus a few specialized cases.
One of those special instances involved moving
billing types that required no “human touch”
onto the virtualized infrastructure — meaning,
onto hosted desktops in the data center. “When
the power went out, the billing office, the lady
running those systems was able to work from
home and she got 50% of the bills out the door,”
Cox says.

Hospital  floors  to  satellite  offices 

Since the end of 2007, the IT team has deployed
950 virtual desktops, mostly in Norton’s five
hospitals, for physician and nurse access to a
host of applications, including the main healthcare
information and picture archiving systems.
“We’ve been able to run just about every single
application we’ve tried on the virtual desktops,”
Cox says.

Previously, Norton used Citrix Systems’
MetaFrame client/server technology to provide
access to the healthcare information system, but
that had become too limiting. Users wanted to
be able to tap into more than just that one application
from a terminal, he says.

For the virtualized desktop infrastructure,
Norton uses VMware View (formerly VMware
Virtual Desktop Infrastructure, or VDI) running
on 10 IBM 3850 M2 hosts. Norton has
been sprinkling thin clients throughout the
hospitals, from which physicians, nurses and
other personnel can access applications once
they’ve been authenticated via the hospital’s
Sentillion single sign-on system. Most clients
are Wyse Technology terminals, but Norton
also has repurposed some older desktops with
a VMware overlay, Cox says. Windows XP is the
current operating system in use.

Norton  provides  LAN,  wireless  LAN  and 
WAN  access  to  the  hosted  desktops. 

The  regional  healthcare  system  is  looking 
to  push  outside  the  clinical  realm  and  get  as 
many  other  people  on  virtualization  as  it  can, 
Cox  says.  Virtual  desktops  account  for  about 
15%  of  the  total  number  of  PCs  at  Norton,  Cox 
says.  The  goal,  he  adds,  is  to  hit  the  30%  mark 
by  year-end. 

Procedural  complications 

That Norton has been using desktop virtualization
for nearly two years and has such
aggressive growth plans makes it a bit of an
anomaly among enterprises today. While lots
of enterprises are tinkering with this maturing
technology, not many have embraced desktop
virtualization to its fullest, analysts say.

“Desktop  virtualization  deployments  are 
growing,  but  not  as  fast  as  you  might  think 
given  how  fast  server  virtualization  grew,” 
says  Bernard  Golden,  CEO  of  HyperStratus, 
a  consulting  firm  specializing  in  advanced  IT 
technologies. 

“Compared to server virtualization, desktop
virtualization has many more moving parts
and so many more parts of the organization
are affected by that. So that becomes a greater
challenge to prove out the finances, and coordination
takes longer,” he says. “Assuming you’re
going with a VDI approach, where you’re hosting
desktops on a server, then you’ve got to
rearrange your back end, do your provisioning,
identity management — there are a lot of piece
parts to get right.”

Future-proofing  the  desktop 

But  for  Norton,  Cox  sees  only  the  positive  in 
desktop  virtualization.  Time  to  deployment  for 
virtual  desktops  has  been  “just  phenomenal,” 
plus  change  management,  control  and  security 
updating  are  highly  streamlined. 

Cox  points  back  to  business  continuity  as 
one  major  benefit.  Another  is  ease  of  getting  a 
new  hospital  in  the  system  up  and  running.  “In 
VMware  View  Manager,  we  can  say  we  need  100 
machines,  plug  in  MAC  addresses  and  the  thin 
clients  boot  and  configure  themselves,”  he  says. 

And  a  third  benefit  is  improved  application 
performance  across  the  WAN,  an  increasingly 
important  part  of  Norton's  infrastructure  as 
the  organization  grows  beyond  its  downtown 
campus.  Besides  that  outlying  billing  office, 
for  example,  many  physicians’  offices  are  20  or 
more  miles  away  from  the  downtown  campus. 
“If  we  put  them  on  virtual  desktops,  they  only 
need  to  see  screen  refreshes,”  he  says. 

“Getting  more  and  more  virtualized,”  Cox 
says,  “will  only  help  us  in  the  future.”  ■ 
■ As virtualization evolves over the next several
years, management will play an increasingly
bigger role.

Management’s importance will increase
coincident with the growing competitiveness
of non-VMware hypervisors, especially
Microsoft’s Hyper-V, industry watchers agree.
“In coming years, Microsoft will catch up with
VMware on the back end and what will separate
those two environments are the management
tools,” says Bob Pate, network operations
manager at McGlinchey Stafford PLLC,
a large New Orleans law firm.

“You’re  going  to  start  seeing  cross-platform 
management  tools.  Some  will  handle  VMware 
and  Microsoft,  or  Citrix  and  Microsoft,  for 
example.  This  is  really  what’s  going  to  create 
your  top  runners,”  he  adds. 


single  pane  of  glass  focuses  on 
multi-vendor  management  tools 


One  management  view 

Multi-vendor hypervisor environments
already are on the rise, says Bob Meyer, worldwide
virtualization solutions lead for HP. “The
reality is, going forward, people will prefer different
types of hypervisors for different types
of applications. The business will require that
you have a single view, and from an IT perspective
you don’t want multiple management tools,
repositories, teams of users. You want a single
pane of glass,” he says.

Data from Enterprise Management Associates
(EMA) confirms the trend. In a survey
conducted in mid-2008, EMA found that
only 7% of respondents had only one virtualization
supplier in their test and development
and production environments, reports
Andi Mann, a research vice president with
the firm.

Going forward, Mann says, IT will need to
distinguish virtualization management from
virtual system management. “A multi-disciplined
approach to virtual systems management
has to be the real goal,” he says.

Virtualization management is about
managing the low-level capabilities dedicated
to the virtualization system itself. It takes care
of managing the hypervisor, memory allocation,
virtual machine migration and such
functions. As a rough estimate, Mann says he
figures about 75% of enterprises are grappling
with virtualization management issues.

Virtual systems management addresses
higher level needs, Mann says. He has identified
three main areas of virtual systems management:
managing the life cycle of the virtual
system; monitoring servers being provided
by the virtualization system; and automating
operations of that virtual system. About
18 management disciplines fall under these
categories, he says.

IT executives overseeing the most mature
virtualization environments are starting to
understand virtual systems management,
but everyone needs to be working toward this
goal, Mann says. “This is what you need to
do if you want to manage your environment
properly. Otherwise you’re wasting your people
— having senior-level architects doing low-level
management while IT administrators
sit around because they don’t have the right
tools,” he says.

Virtualization  vendors,  of  course,  are 
scrambling  to  distinguish  themselves  on 
the  management  front.  VMware  focuses  on 
boosting  its  capabilities  for  managing  its  own 
hypervisors,  recently  adding  functionality 
such  as  application  mapping  and  chargeback. 
Microsoft  touts  the  ability  to  manage  multiple 
hypervisors  in  Virtual  Machine  Manager. 

But opportunities are ripe for third-party
management platform and tool vendors,
Mann adds. IT managers will find a lot of
value in external toolsets from big vendors
such as BMC, CA and HP, as well as more targeted
players such as DynamicOps; PlateSpin,
a Novell company; and Vizioncore.

Chris Wolf, a senior Burton Group analyst,
says he expects to see consolidation and attrition
in the virtualization management space.
While enterprises do need management tools
that help them address challenges of their
maturing virtualization environments, they
almost have too many choices, he says. “It’s
almost overkill.” ■
IT EXECS SLOW TO BITE

Virtual appliances offer easy and quick installation, but buyers remain wary


VIRTUAL  STORAGE:  JUST  THE 
TICKET  FOR  DISASTER  RECOVERY 


While  most  enterprises  begin  their  virtualization  foray  at  the  server  level, 
faith-based  financial  services  firm  Mennonite  Mutual  Aid  (MMA)  came 
at  it  from  the  storage  side  of  the  shop.  The  primary  objective  was 
remote  disaster  recovery,  which  a  growing  variety  of  virtualization 
capabilities  can  neatly  address. 

“If  you  think  about  virtualizing  servers  and  consolidating  storage,  you’d  go  a 
long  way  toward  building  a  disaster-recovery  plan  by  positioning  servers  and 
secondary  storage  at  a  disaster-recovery  location,”  says  Richard  Plank,  network 
operating  system  administrator  for  MMA,  in  Goshen,  Ind. 

At MMA, Plank migrated from a direct-attached storage environment to a
tiered, virtual infrastructure with remote disaster recovery using FalconStor
Network Storage Server and VMware for server virtualization, as well as
FalconStor Virtual Tape Library (VTL) for backups. With the virtual setup, MMA
avoided a forklift upgrade on the storage side, while meeting a four-hour recovery
time objective for mission-critical applications, he says.

VTL technology, which presents storage disks as tape drives to backup
software, also has helped New Orleans law firm McGlinchey Stafford meet its
disaster recovery objectives, says Bob Pate, network operations manager.

Prior to using VTL, from Sepaton, a full backup of the McGlinchey Stafford environment
took as long as 95 hours, stretching throughout the weekend and into
Wednesday midday, Pate says. “By switching to a Sepaton environment, we went
from an average transfer rate of about 250 megabytes per hour to 200 to 300
gigabytes per hour. Backups are down to 44 hours now,” he says.

As an extra protection measure, since the firm has several offices in hurricane
zones, Pate uses VMware Consolidated Backup to consolidate virtual machine
snapshots on a backup proxy server.

In  the  case  of  a  hurricane,  IT  moves  the  device  to  a  safe  area  as  a  precaution. 
In  the  case  of  an  extended  evacuation,  such  as  occurred  during  Katrina,  IT  can 
restore  these  snapshots,  bringing  them  online  as  needed. 


■ The idea — and benefits — of virtual appliances
seem straightforward enough, but IT
execs have been slow to adopt the technology.

In the virtual appliance model, developers
package applications with an operating system
to run as either a hardware or software
appliance. “The value proposition is so clear
cut from vendor and customer perspectives.
We build, you install, it works,” says Bernard
Golden, CEO of HyperStratus, an advanced
IT consulting firm. “I thought virtual appliances
would be a big deal, taking off really
fast, but they haven’t.”

Chris Wolf, a senior Burton Group analyst,
has one explanation. “Some vendors want to
hold on to their physical appliances as long as
they can because they get very high margins
on them,” he says. But enterprises are starting
to demand their appliances as virtual
machines. “They get the technology plus the
mobility benefit of virtualization,” he says.

Jim  Metzler,  vice  president  of  IT  consulting 
firm  Ashton,  Metzler  &  Associates,  agrees. 
“I’m  somewhat  enthusiastic  about  virtual 
appliances.  IT  shops  don’t  really  want  a 
bunch  of  boxes  around,”  he  says. 

WAN optimization vendors and security
companies are in the forefront of the virtual
appliance movement, Metzler says. Within
recent months, Citrix Systems has announced
the NetScaler Virtual Appliance for application
delivery control, and SourceFire has previewed
the SourceFire 3D System 4.9 virtual
intrusion-prevention-system appliance, for
example.

“Vendors  that  are  late  to  the  game  here  or 
trying  to  dismiss  virtual  appliances  are  in 
trouble,”  Wolf  says. 

Virtual appliance activity also is bubbling
up on the software side of IT. Earlier
this year, Novell announced a collaboration
with VMware to help software vendors build
SUSE Linux Enterprise-based virtual appliances.
And just last month, Bitrock, a provider
of cross-platform deployment tools and
services, released 30 open source application
stacks as SUSE-based virtual appliances.
CRM, enterprise content management and
bug-tracking are among the application types
now available in appliance form.

Software provider Adobe Systems has definitely
seen an uptick in requests for virtual
appliances, says Marcel Boucher, senior manager
of technical marketing at the company.

In July, Adobe made available a LiveCycle
Evaluation Virtual Appliance for download.
The appliance is essentially a VMware virtual
machine containing the SUSE Linux Enterprise
Server operating system, a JDK, a J2EE
application server, a database management
system and Adobe’s LiveCycle ES 8.2.1 SP1
evaluation version, Boucher describes. The
goal, he says, is to lower the barriers for people
who want to evaluate enterprise software.

As  great  as  these  plug-and-play  solutions 
can  be,  Boucher  says  users  need  to  be  careful 
about  file  size.  “A  virtual  appliance  package 
can  get  pretty  large,  so  being  able  to  manage 
that  closely  is  important.” 

Likewise when vendors turn the physical
into the virtual, Metzler warns. “You need to
know how to manage and secure these, and
how they’re going to perform.” ■
VIRTUAL SWITCHES GET THE NOD

As virtualization spreads to the network, the spotlight turns to virtual switches


■ At Chicago-based railcar operator TTX, Rob
Zelinka has taken the company’s “Forward Thinking”
motto to heart.

From the beginning of Zelinka’s virtualization
efforts, he wanted to be more aggressive than the average
company. That meant an ambitious initial goal of
virtualizing 75% to 80% of the company’s servers.

Turns  out,  that  goal  wasn’t  ambitious  enough. 

TTX has already virtualized 75% of its server infrastructure,
and is pushing to get as close to 100% as
possible — and that includes desktops as well as servers,
Zelinka says. Today, TTX has nearly 130 virtual
machines (VM) running on production HP ProLiant
DL servers and another 140 or so VMs for testing and
development.

But  this  year  in  particular,  virtual  networking  has 
been  on  Zelinka’s  mind,  as  virtualization  vendors 
talk  up  their  networking  strategies. 

Zelinka  has  decided  to  do  switching  within  a  blade 
chassis  using  HP’s  Virtual  Connect,  a  software  switch 
that  will  let  his  team  move  servers  around  without 
bugging  the  storage  and  network  managers. 

But the decision to go with HP, made prior to Cisco’s
announcement of its Unified Computing System
(UCS), could have gone another way, Zelinka says. In
UCS, Cisco packages blade servers along with storage,
network and virtualization resources. “Today we’d
have to look strongly at whether we want to do servers
in what is traditionally a network chassis or network
switches in what is in essence a server chassis.”

Switch  or  broker? 

And then there are virtual switches integrated into
hypervisors, such as the Cisco Nexus 1000V and
VMware vSphere 4.0 suite, or the XenServer virtual switch Citrix Systems
has in the works. Tom Nolle, CEO of CIMI, an IT consulting firm,
cautions not to be confused by terminology. The Nexus 1000V is less
switch and more resource broker, he says — and enterprise IT managers
ought to understand the difference as they explore where to go next
with virtualization.

This switching/brokerage function comes into play when enterprises
move beyond static virtualization — loading an application onto
a virtual server — and begin creating a pool of virtual partitions on different
servers for resource sharing among applications. Since the place
an application winds up is variable, IT has got to be able to bind a user
to it in some way, he says.

“The guy who has the resources has to publish the resources and the
guy who needs the resources has to pick something from a published
available set and bind to it,” Nolle says. “The network
can do the latter of the two, connecting the user
to a virtual application image somewhere. But the
only guy who really knows how to get that virtual
image published is the guy who owns the image,
which in this case, is VMware [or other hypervisor
provider].”

Watch  for  a  variety  of  “fascinating”  developments 
in  the  area  of  network  virtualization  to  start  popping 
this  fall;  vendors  will  be  looking  to  grab  mindshare  as 
IT  executives  launch  into  2010  budgeting,  Nolle  says. 

“You’re going to see a partnerships and management
integration. Any virtualization package has a
set  of  management  tools  that  would  allow  you,  for 
example,  to  determine  the  status  of  a  given  server  and 
the  virtual  partitions  available  on  that  server.  That 
information  is  exposed  through  an  API  to  provide 
integration  for  network  vendors,  who  could  use  that 
process  as  the  beginning  of  resource  publishing.” 

Virtual  starting  point 

In  the  meantime,  Jeff  Allison,  network  engineer  with 
Health  First,  is  eyeing  the  switching  functionality 
found in vSphere 4.0. That will come in handy for
supporting  virtual  server  growth  at  the  Rockledge, 
Fla.,  healthcare  system,  he  says. 

The  organization  has  400  virtual  machines  (VM) 
in  its  production  environment  on  27  physical  hosts. 
Its  server  infrastructure  is  nearly  60%  virtualized 
—  and  still  growing.  “We’re  waiting  for  eight  more 
VMware  servers  to  show  up  today,”  Allison  said  in 
a  mid-July  interview.  “We’re  mostly  looking  to  the 
switching  for  ease  of  management.” 

In vSphere, VMware offers a collection of networking
capabilities under the vNetwork label. One of the most interesting,
experts  say,  is  vNetwork  Distributed  Switch  (vDS),  which  treats  the 
network  as  an  aggregate  resource. 

In  other  words,  it  abstracts  individual,  host-level  virtual  switches 
into  a  single  vDS  that  spans  multiple  hosts  at  the  data  center  level.  Port 
groups  span  multiple  hosts,  which  VMware  says  ensures  configuration 
consistency  for  VMs  and  virtual  ports  necessary  for  such  functions  as 
live  migration  with  VMotion.  Previous  VMware  technology,  vSwitch, 
handled  networking  and  configuration  on  a  per-host  basis. 

VDS  also  integrates  with  third-party  virtual  switches,  starting  with 
the  Nexus  1000.  Besides  working  through  the  vDS  APIs  to  provide 
network services, the Nexus 1000V leverages Cisco’s NX-OS operating
system to provide deeper management and a feature set similar to
its physical gear.


Emerging technology creates additional flexibility in virtual environments


The phrase “bare-metal client hypervisor”
is  a  mouthful,  but  one  IT  execs  ought  to  get 
used  to  saying  in  the  coming  years. 

As the name suggests, this type of hypervisor
sits directly on top of hardware — desktop
computers, laptops, perhaps even smartphones
one day — running independently
from  the  operating  system. 

“This  is  exciting  technology,”  says  Chris 
Wolf,  a  senior  analyst  with  Burton  Group. 
“It  provides  enterprises  with  a  tremendous 
amount  of  flexibility.” 

One  reason  for  his  enthusiasm,  Wolf 
says,  is  the  ability  to  run  multiple  virtual 
machines (VM) on top of a bare-metal client
hypervisor. A user machine takes on a
whole  new  personality  under  this  type  of 
architecture. 

On a desktop computer outfitted with a client
hypervisor, for example, you might find
corporate-sanctioned and supported operating
system and applications running on
a locked-down VM. Personal applications,
such as iTunes and digital picture portfolios,
as well as an individual’s preferred operating
system, would sit atop another VM. What
goes on in one VM has nothing to do with and
is never impacted by any other VM on the
same client and, perhaps best yet, IT doesn’t
have to support the personal VMs or anything
running on them, Wolf says.

Likewise, you might find software developers
running Linux and Windows VMs side by
side on their desktops. The former would host
their core development tools while the latter
business applications such as e-mail and calendaring,
says Doug Lane, senior director of
product management and marketing at Virtual
Computer, a start-up with a bare-metal
client hypervisor called NxTop.

Enterprises might one day even offer
“build your own PC” programs, much as
many do today with cell phones. Employees
can use a company-provided voucher to buy
the computer model they like best from a predetermined
list. They can run their personal
and work environments on the same system,
but all support comes from the PC maker, not
internal IT, Wolf says.

Virtual  desktop  infrastructure 

Bare-metal client hypervisors also will play
a big role in virtual desktop infrastructures
in which virtual desktops are hosted at central
sites and downloaded on user request.
Because bare-metal hypervisors don’t rely on
the client operating system, IT can create or
update one image — say by applying a Windows
patch — and publish that out across the
virtual desktop infrastructure.

In  northern  Florida,  Virtual  Computer’s 
NxTop  will  help  the  Partnership  For  Strong 
Families fulfill its mission of getting caseworkers
out on the road providing children
services  to  those  in  need,  says  John  Cook, 
systems  administrator  at  the  Gainesville 
organization.  “We’re  changing  the  business, 
trying  to  get  people  more  mobile  and  doing 
visits  without  having  to  keep  running  back 
to  the  office,”  he  says. 

Outfitting users with smartphones and
laptops seemed a reasonable idea. But with
laptops came a cumbersome encryption
requirement to show compliance with the
Health Insurance Portability and Accountability
Act. The smartphones weren’t an
issue; Research in Motion’s BlackBerry, the
chosen device, comes with encryption and the
ability to wipe and lock down a unit remotely.
The organization would have needed to buy
either a software encryption package or an
encrypted hard drive. That, plus other add-on
software it would need, meant Partnership
for Strong Families would have had several
packages to pay for on top of the machines,
Cook says.

A  virtual  computer  is  another  story.  “It 
offers  us  the  possibility  of  doing  all  this  stuff 
in  one  management  console  with  one  build, 
simplifying  everything,”  he  adds.  Plus, 
NxTop  uses  encryption,  and  Cook  can  change 
permissions  and  lock  down  virtual  laptops 
from  the  management  console,  addressing 
his  security  concerns. 

Cook  and  his  team  have  been  beta  testing 
NxTop,  and  are  good  to  go  with  a  production 
deployment  this  fall,  he  says.  “We’ve  already 
bought  the  basic  licensing  package.” 

By year-end, NxTop and other bare-metal
client hypervisors will begin hitting the
market. Besides start-ups such as Virtual
Computer, these hypervisors will be available
from virtualization mainstays such as
Citrix Systems and VMware. And early next
year, we should expect to see client hypervisors
shipping on bare metal from desktop
and laptop makers, Wolf says.

However, Wolf says he doesn’t expect the
technology to go mainstream for another
two or three years. “It’s going to take a couple
of years for the management ecosystem
to bake fully.”
BACKSPIN BY MARK GIBBS

On  excellence  and  best  practices 


ONE  OF  THE  consequences  of  the  pressures  of 
21st  century  business  is  that  while  we  all  talk  a 
good  game  about  excellence,  what  we  usually  get 
and  give  out  is  nothing  of  the  kind.  Moreover,  the  bigger  the  organization 
and  the  more  money  involved  the  less  achieving  excellence  there  is  and  the 
more  talking  about  it  that  goes  on. 

Excellence  has  become  a  mantra  for  a  sort  of  deluded  marketing  that  is 
as  much  about  convincing  the  customer  that  we  give  a  crap  about  them  as  it 
is  convincing  ourselves  we’re  on  the  right  track  and  doing  the  right  things. 
And  when  it  comes  to  “best  practices”  as  a  route  to  excellence  I  have  always 
been  suspicious  about  the  whole  approach  but  it  took  my  good  friend  Bob 
Lewis  to  frame  the  problem. 

On the first page of the first chapter of his excellent book, Keep the Joint
Running, Lewis articulated the issue: “Most of what’s called best practice
... is nothing more than an assertion by some member of the business punditocracy
that a practice that worked for one or a handful of organizations
should be practiced by all organizations.”

He  blames  Tom  Peters  for  the  market’s  devotion  to  best  practices  and 
describes them as “nothing more than someone’s chutzpah-laden assertion
that this is how to go about whatever-it-is.” And when you’re Peters
I  think  it’s  safe  to  say  that  a  claim  by  him  that  something  is  a  best  practice 
carries  enormous  weight. 

Now,  while  the  “one  size  fits  all”  approach  works  great  for  some  kinds 
of  clothing  it  is  wildly  optimistic  to  think  that  something  as  incredibly 
complex  and  subtle  as  enterprise  IT  could  ever  consider  a  best  practice  as 
anything  more  than  a  good  way  to  look  at  a  problem  or,  perhaps,  be  useful 
as  a  template  to  be  molded  to  fit  the  prevailing  circumstances. 


Of  course,  claims  of  best  practice  make  for  great  presentation  material 
because the words sound official; people reflexively buy in as if the proponent
of a best practice had spent years analyzing and researching the
topic  and  has  irrefutable  scientific  evidence  that  this  is  the  “one  true  way” 
to  solve  whatever  it  is  that  needs  solving.  It’s  the  IT  equivalent  of  an  urban 
legend  but  we  don’t  have  an  IT  version  of  Snopes.com  to  set  us  straight  and 
identify  the  BS. 

No, true excellence is a rare thing that when achieved will be hard won
and can be lost in a heartbeat. It is something that requires the entire organization
to be involved with the quest driven from the top down. And, of
course, the bigger the organization the less likely it is that excellence will
ever be achieved and the more likely that organizational inertia will make
good enough the result.

In  IT  the  big  problem  is  that  we’re  mostly  engineers  so  we  usually 
interpret excellence as being the same as perfection. This is a huge problem
because if we admit that perfection can’t be achieved then there’s a
tendency  to  fall  back  on  “good  enough”  as  if  that’s  the  next  step  down 
the  ladder. 

Here’s  the  reality:  These  days  there  is  no  business  without  IT  and  what 
IT does and how it does it defines the organization’s capabilities and viability.
It is up to IT to chart the course for the organization and provide the
drive  for  being  as  close  to  excellent  as  it  can  be. 

In  the  21st  century  being  as  close  to  excellent  as  you  can  get  is  as  good 
as you can get.

Gibbs  isn’t  anywhere  near  excellent  in  Ventura,  Calif.  That's  in  the  next 
county.  Your  practices,  best  or  otherwise,  to  backspin@gibbs.com. 


LAYER8  BY  MICHAEL  COONEY 

Can  electronic  health  records  really  be  secure? 


TRYING  TO  GET  a  handle  on  what  most  certainly 
will  be  an  explosion  of  digitization  of  medical 
records,  the  Federal  Trade  Commission  last  week 
issued  the  final  rules  requiring  “certain  Web-based  businesses  to  notify 
consumers”  when  the  security  of  their  electronic  health  information  is 
breached. 

But  are  the  rules  meaty  enough  or  will  they  merely  offer  more  fuel  to  the 
already  burning  healthcare  fire? 

First,  let’s  understand  what’s  happening.  Congress  this  spring  told 
the  FTC  to  issue  the  breach  rule  as  part  of  the  American  Recovery  and 
Reinvestment Act of 2009. The rule applies to vendors of personal health
records — which provide online repositories that people can use to keep
track of their health information — and entities that offer third-party applications
for personal health records.

The  rules  contain  specific  requirements  governing  the  timing,  method, 
and  contents  of  the  breach  notice  to  consumers.  For  example,  they  require 
companies to provide breach notices without what the FTC calls “unreasonable
delay,” and in no case later than 60 calendar days after discovering
a  breach;  it  requires  notice  to  consumers  by  first-class  mail  or  by  e-mail; 
and  it  requires  substitute  notice  through  the  media  or  a  Web  posting,  if 
there  is  insufficient  contact  information  for  10  or  more  individuals. 

The final rule also specifies the timing, method and content of notification,
and in the case of certain breaches involving 500 or more people,
requires notice to the media. It also authorizes the FTC to seek civil penalties
for violations.

While the FTC’s final rule attempts to sort out all manner of digital
healthcare  privacy  issues,  detractors  say  it  does  nothing  but  confuse. 

For example, the Health Data Management.com site states: Despite efforts by
the FTC and the Department of Health and Human Services to harmonize
separate rules governing notification of breaches, the FTC rule takes confusion
to a new level. It cites a number of examples:

1: Under the rule, vendors must notify users of its public health records
software in cases of a breach. But if a hospital, insurer or other entity offers
a vendor’s records to consumers, then the vendor must notify the
entity, which in turn must notify affected consumers, the site states.

2: Although the FTC’s proposed rule made clear that it did not apply
to HIPAA-covered entities, FTC explicitly excluded doctors from its rule,
even if they are involved with public health records, but with a twist. “The
Commission agrees that, because health care providers such as doctors are
generally HIPAA-covered entities, the FTC’s rule does not apply to them
in such capacity. Thus, if a doctor’s medical practice offers records to its
patients, neither the doctor nor the medical practice is subject to FTC’s rule.
However, if the doctor creates a record in a personal capacity, there may be
circumstances under which the FTC’s rule would apply,” the site states.

Meanwhile  the  Government  Accountability  Office  earlier  this  year 
offered  up  a  report  on  federal  IT  health  initiatives  and  said:  “Achieving 
widespread adoption and implementation of health IT has proven challenging,
and the best way to accomplish this transition remains subject
to  much  debate.” 

Indeed. 

One  of  the  key  facets  of  that  debate  is  that  the  healthcare  industry  needs 
to implement an approach to protection of personal privacy that encourages
public acceptance of health IT . . . particularly electronic medical
records,  the  GAO  stated. 

None of this makes me feel comfortable about the privacy of our electronic
health records.

Cooney  can  be  reached  at  mcooney@nww.com. 

